last executing test programs:

4.287752283s ago: executing program 4 (id=1207):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x80202, 0x0)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

4.09370571s ago: executing program 4 (id=1210):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x1218088, &(0x7f0000000f80)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c757466383d312c696f636861727365743d61736369692c73686f72746e616d653d77696e39352c73686f77657865632c6e66732c636865636b3d7374726963742c756e695f786c6174653d302c757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c726f6469722c726f6469722c64656275672c757466383d302c726f6469722c71756965742c6572726f72733d72656d6f756e742d726f2c009c8a8fc4f74784ad79ec08fb556262ebc972ef94821f3565ef5f75f11e30ef1f72a065c510b17cae356940538b7b2c1c1416c42047ca7a5d72f4627c25306b2479725add28f511a68f5f6f47f9facdd0cc574286d00ab52d6b9374b6a58eac694336ebe971f41860d01084c1a035afc6241e25fa6b51d80fa9f9d2c1a2e7a5284f93296217ef8f28e0a36e573296a0bfb38b94191f4b82873563f3759b5e193ecfab6ed7892542364757e47d656ad6a0fbb6e8bf138bddae620a3602991821d4844f628e6bdd8b62cca73744332f0185a54b52a0352a82c794995bbb97c82fcde79d"], 0xa, 0x2c2, &(0x7f00000008c0)="$eJzs3T+LI2UcB/DfZLOTUYuksBLhBrzC6nCvE5sscgfiVh4p1EIX7w5kE4Q7WPAPxqtsbSwsfAWC4Au5xncg2Ap2nnAwMpOZndk1xkQ2K7f7+TT72+d5vjPPMxmys0WefPjy7OhuHvcfffFLZFkSvXGM40kSo+hF46s4ZfxNAADPsidFEb8XC5vkkojItjctAGCL1vv732/Lny5kWgDAFt1597239w8Obr2TRRa3Z18fT8r/7Mufi/79+/FxTONevBbDeBpRPSjsRvW0UJa3i6KY9/PSKK7P5seTMjn74HF9/P3fIqr8XgxjVDWdPG1U+bcObu3lC538vJzH8/X5x2X+ZgzjxZPwqfzNJfmYpPHqK53534hh/PxRfBLTuFtNos1/uZfnbxbf/vH5++X0ynwyP54MqnGtYueCXxoAAAAAAAAAAAAAAAAAAAAAAC6xG/XeOYPIr8X1WdlU77+z8zTS8te8MWpTZf+iSpqm7v5ARVHMi/i+s6VgXtQD2/19+vFSv7uxIAAAAAAAAAAAAAAAAAAAAFxdDz/97OhwOr334FyKZjeAfkT8eSfivx5n3Gm5FqsHD+pzHk6nvbo8NeZx2m2JnWZMErFyGuUizumy/Fvx3Nk5N8UPP5YL3OSAWafl9eUL3N3+upq76+gwWX6uQTQtWX2TfJdGtGPSWPNc6T91FbHJ7Zcu7RpuvPb0haqYrxgTyaqJvfHr4srVLcnZVaTVVV0a362LTvzMvbHW6x7ZIv7394qk2q1jsL03IwAAAAAAAAAAAAAAAAAAuOLaT/8u6Xy0MtorfBQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEui/f7/DYp5HV5jcBoPHv7PSwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAK+CsAAP//hipWFQ==")
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)

3.789438078s ago: executing program 4 (id=1213):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @remote, 0x34}]}, &(0x7f0000002100)=0x10)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, 0x0, 0x0)

3.777107496s ago: executing program 1 (id=1214):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x1c, 0x15, 0x301, 0x0, 0x0, {0xc}, [@typed={0x8, 0x4, 0x0, 0x0, @u32=0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x4000000)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)

3.434132977s ago: executing program 1 (id=1218):
syz_mount_image$btrfs(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x16, &(0x7f00000002c0)={[{@nobarrier}, {@noflushoncommit}, {@nossd}, {@commit={'commit', 0x3d, 0x3f}}, {@nodatasum}, {@nodiscard}, {@nobarrier}, {@compress_algo={'compress', 0x3d, 'zlib'}}, {@noacl}]}, 0x6, 0x5104, &(0x7f0000005480)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75pcNWjiAAAAQF/x/90Xv1qIeT375iDN6089evBc1Xil/N8cLv+P3dJXBQAAANyMI19sf7iqXsr/reHy//htnTUAAACwFO98OPFBVb2U/2dvnP/rSf5fnS/zKx+yTj/Fv0I4NBnCxMLKXFb4ObSf7hYAAACAWyTm9D8/3flD1X6l/D9Xff//eKeDeP1/z/3/Ctf/hzDVW8ju+vdkXgAAAIB7Svl6/nh7/OzJBf2evz/s9f8P/O/gq1XHL+X//cPl/3pxeSuf/wcAAADL8F97/t/20jjVBt3//76P3v2lqn8p/7eHy/9xuab48k7E9+e9yRDWL6zkdxP8Jh5uV1KYHysUOlpJj22xR16YHy8UOuaSHpsnQ3hwYWV/Uvh/LLSTwpW1eeFIUjgdC/n50C0cSwon4pn2+dp8umnh+1jIL7CYj1dQrOleEpH0uNqvx0Lhhj3Odg8OAABwT4nhOc+yY73NkEbZ+dqgHVYP2mFk0A71QTuMJjukO/bbHmZ7C3F7+8zGpT3//8hw+T++Fflz/vpd/x/i9f/5cw271//PxkIjKczHQiu9Y0ArHiMLux/HYzRaeY8r67sFAAAAuKvF7wXqKzwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+Ie9e42Rq7oPAH72Od6H1wtJFUKjZJPUOG7i9domD7VUWVOqRqQ064aCqohiY6/J4gU7tikxCpGxiWiEoLRBSj4UYRRFNR+gViAiKSBcpDhC5RFRFQUQKLSGKIiUkkSkCVKoZu89s3fO3Xks9hov/f0k75yZ/3neeXjOvXfOBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/n84/JWr/rZZ/OHfnvP0cxeOX7Zv/YUvX3POqY+HMDHzeEcW7ui//tbxn9959l377lt72z1Hz/1wb14uj4eB6p/O/M51sdajS0O4tyOE7jSwajAL9OT3B2N97xkM4ZQwG6iVmOzPSqQNh+/3hXAgzAZqVX2vL4TBQuD8Jx568MZq4pa+EJaHECppG89Wsjb60sAZvVmgPw1s784Cv3ojUwt8tzMLwDGLb4bai/7QRH2G4bnLNXj99Ry3jr210uF1xcRw43w/W7/AnSroTR+YOKanrVQdC6L09jjs3bYI3m2l7Xyzp634RSr/hvLGbKgSOrdMbt105fTu+EhnGB3talTTAj3PT736pc3zSS+a12HswPBxeR3e9NjyO7tWnvfoPauWv3jwI/tfOtZu/qiwSYvphVYJ+Wtu0TyP0bjPk0Xw9it9SxrxpSuEsPXzv/eZZvHS/H+4+fw/vpzjbWdd7ljr60PZ3Dw+MhgTrwxlc3MAAABYNBbDXtPtow98oll9pfn/SHvH/+Mh/3wyn432cAjjM4n9y0I4bebxLHBHbO6SZSG8fyY1UR9YnwQOh/DumcTKWlVJiSWxxEgS+MlQHhhPAkdiYCIJfCsGbk4C18XAoSSwOQYOJ4GzYyBM1Y/j94fycbQd6IuBjdlGPBTPQvjFUGwt2VbP1KoCAAA4TvLZYU/93cK5DseaIU4vD/W1yhDPwG6YoZLUkM5ga9OqhjV0t6qhs1UNtXHvbT78Us0drWounYbRUZ/h1l/+zWdDE6X5/1jz+X9ljo50lI7/h7Bh5m/M3ZlHpmvxjRN1GQAAAIBjMPC/z3+zWbw0/x9v7/z/uE+kq5A5PBJ3Q2xbFsJYfSCr9g/Lgeyo90AeAAAAgMWgdjy+dix8Kr/NTtFO59Pl/BPzzB8P/I/Pmb/38P0bm/W3NP+faO/8//7626wTR2IvvrYshCWFwA9iL6uBGSMx8ONP1gfy8R+JG+CGWFV+YkKtqhtiiY0xMJYEDjQq8cNaidPqA/mTVWt8f20cU3mJQgAAAABOuLg7IB6Xj+f/f+A3a69qVq40/984v/P/Z+bBpdP7pwdCWN0dQlf6w4BH+rOFAWNgsCNPPNCf1dWVVnVtfwhnVQeWVvV8vv5/d7rG4BN9WVUxcNoHDr56RjXxzb4QVhcDT37u9o9WE7uTQK3xv+wL4X3V0aaNf2dJ1nhP2vjXl4Tw3kKgVtUlS0KoNtabVvVQJb+OQVrVP1dCeEchUKvqY5UQ9gQAFqn4X+mW4oO79ly9bdP09OTOBUzEffh9YevU9OTo5u3TWyoN+rQl6XPdMkbXlsfU7pVvnsmXKLrg7g2D7aRrvxMcK7aV78cvnTiY34/fhXpmxrm2p+7uunTIH/pguYlQ+CbVaMidCzzk/mIls09iqf6YvzcMhCVX7prcOfrFTbt371yT/W03+9rsbzzMlG2rNem26p+rb228PBqulpV4s9tqRbGS1bsv37F6156rV01dvunSyUsnr1jzsbVjZ46tG/v4mauroxrL/rYY6oq5qk6G+sbtbY7rOA719O5CJSfiU0NCQmKxJbYPrGj6f3Jp/r+j+fw/furET/58fYZGx/+H42H+7PHZw/wbY+BAu8f/hxsdza+dGDCSBPbGwF6H+QEAAHh7iJP8uDcz7pX+6crvvNisXGn+v7e93/8fp/X/a0vXn9tomf+VscRYo/X/02X+a+v/7220/n+6zH9t/f8Db8H6/1fWAskm+YX1/wEAgLeDE7f+f8vl/dMLBJQytFzeP71AQClDy2X8271AwLzX/3/2P//qv0MTpfn/ze3N/y3cDwAAACePL//ZVb/TLF6a/x9ob/5/4tf/C43O/x9pFJhotDCg9f8AAABYpBqt/zd8ff/FzcqV5v+H2pv/x9MuOutyx1pfH8rWtAvpmnavDNV+MgAAAACLQ2cYHe1pM2/dyqjr33ybT+VLgTZLFz3/J0fnd/7/4fbm/3W/y7jpseV3dq0879HX71m1/MWDH9n/0uzxfwAAAGDhtLtfAgAAAAAAAAAAAAAAeOs9/x/71jWLl37/HzbMPN7o9//xun/x9wXvrMsda229/l9+//xP37VnZsnCR4ZC+GAxsG3ftlNCfm3+FcXAgxetfFc1sS8tcf9zZ79QTVycBj616tTXqomzksDGuEjiu9NAvKria0uTQFxe8d/TQNweh9JAbx746tJsHB3ptvrpYLatOtJt9fRgCMsKgdq2uncwa6MjHeAtSaA2wC+kgTjAP88DnWmv7hrIehUDg7HobQNZrwAAOGnFb4E9YevU9ORY/Aofb0/vrr+N6pYsu7ZcbUebzT+TL012wd0bBttJd6XfRWevNd4TKtUhrCl9XS1m6ZgZ5fGppcWme2eDIbda7a2zQbnUfDddb+MR9WUjGt28fXpLT8uBr2udZW13yyxrSpOdYpbOmU3aRi1t9KWNEbW5bdrocrzfGUZHu5JcfxCDw6FOq1dEu7/XL67z1+hVUMxzxdH9v2pWX2n+P9ze/L9SHNdr+cUA9sYr6/3dMsv8AwAAwML66vpffyP+++z1Dz/ZLG9p/j/S3vw/7sHKDwVnezsOx+v/718Wwsyl9YezwB2xuUuWhfD+mdRELJFdUP/cWGIsC9wRd5isjCU2TtRXtSQGDiWBnwzlgcNJ4EgM5HspDoZ8V87fD4Xw0ZnUhvoSO2KJ4STwmRgYSQKjMTCWBJbGwHgSeHlpHphIAv8WA2GqflvdvTTfVgAAAPORz7N66u+GdJ53qLtVho5WGfpbZehslaHSKkOjUcT7344ZepKTVzoKmXrSWvuSWkoZ4sXw592vUobww/qcacFS0/H8g9r5Bh31Ge77RHclNFGa/4+1N//vr7/NWj8S5/+z1//LAj+I3ftaPHV8JAZ+/Mn6QL5j4Eic7N5Qq2oiL5FP2m+IJcZjYCQJ7IiB8SSwcUMeOPCu+kA+0641vr/W+FReohAAAACAEy7uIIi7aeL8/7ZdXxloVi6f/4/U5v/j7c3/Y3sDxcaui7UeXRrCvR2zvakFVg1mgbgfYzD+PP49gyGcUtjBUSsx2Z+V6E0aDt/vy36h3ptW9b2+7McH8f75Tzz04I3VxC19ISwv7H2ptfFsJWujLw2c0ZsF+tPA9u4sEPf81ALf7cwCcMxqewXjCyo/1aVmeO5yDV5/b5drgqbDK+0DnSPfXL+5WiilHa75PtWa+T1tTfffctyU3h6HvdsW47tt2Lut+EUq/4byxmyoEjq3TG7ddOX07vhI8ZesJQv0PBd/pdpO+ji8Dve++d62Vkk7MJZ8fIzNXW7u12FHrO6mx5bf2bXyvEfvWbX8xYMf2f9S291oIP5Q+KFr/nXwR4XNu9AqIX/NLbrPkwmfJ4vxv4ERT1sIYcPLX7+hWbx0/H+ivfl/d3I749dxY+5aFsKHChv3kbj5/3hZ9jlYCGSfku8oB7JD7v811PCTEwAAAI632u6O2v6Cqfw2OyE8nSeX80/MM3/cXzE+Z/52+93/1xctbxYvzf83Np//L0m66fi/4/8sEMf/53Sy74pekj6w95h2RZeqY0E4/j+nk/3d5vj/nBz/d/x/Lo7/t+D4/5xO9qet9C1phy9dIYQX/+iBp5vFS/P/He3N/63/N/eifbX1/zY2Wv9vR6P1//Za/w8AAFhQDRaaS+d5pdX7ShnS1ftKGVouENhyiUHr/817/b8XTn/2N6GJ0vx/b3vz//hyGCi2vljW/xvZ0KCqm2Ngh4UBAQAAOBk12kEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAW+u+f/ifLc3iD//2nKefu3D8sn3rL3z5mnNOfTyEqZnHO7JwR//1t47//M6z79p339rb7jl67ocrebme/PZ363LHWl8fCuFA4ZHBmHhlqHpnNnD+p+/a011NPDIUwgeLgW37tp1STXxrKIQVxcCDF618VzWxLy1x/3Nnv1BNXJwGPrXq1NeqibPyQEfa3X9cmnW3I+3ujUtDWFYI1Lp72dL6qmpt/Gke6Ezb+KfBrI0YGIxFvzGYtRED07HE1JIQVneH0JVW9XAlq6orrepfKllVXWlVX66EcFYIoTut6rnerKrudOSP92ZVxcBpHzj46hnVxIHeEFYXA09+7vaPVhNfSAK1xv+iN4T3VV8yaePf7ska70kbv6UnhPeGEHrTEr/szkr0piWe7w7hHYVArfHPd4ewJ/C2ED986j7Rdu25etum6enJnQuY6M3b6gtbp6YnRzdvn95SSfrUSEch/ca1b37sz7z6pc3V2wvu3jDYTro7L9cz0+W1PXV3153svY/96i9WMvt8lOqP+XvDQFhy5a7JnaNf3LR798412d92s6/N/nbl0WxbrVks22pFsZLVuy/fsXrXnqtXTV2+6dLJSyevWPOxtWNnjq0b+/iZq6ujGsv+Nh5qb9tDvf3ED/X07kIlJ+IDQOLEJqqvy5OgGxKLOtFZ9+k2drJ/kJe+6M92tCdUZj6gS9OKYpaOmVEej0GvT4Irjv+gR+L3lJYjWlOaOJSyrG2dZV1pMjGbpS/LMvO9rjQ5LNbUObNJ4/3OMDra1Wg7DNffLW7en6Wbdx6eyjdju2kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP9jBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1mH0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//5DAgkw==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000d80)='./file1\x00', 0x143042, 0x0)
pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)="d8", 0x1}], 0x1, 0xe7b, 0x0, 0x18)

2.731019839s ago: executing program 4 (id=1226):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x81008e, &(0x7f0000003f80)=ANY=[@ANYBLOB="726f6469722c7379735f696d6d757461626c652c6572726f72733d636f6e74696e75652c756e695f786c6174653d312c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c636865636b3d7374726963742c636f6465706167653d3935302c696f636861727365743d63703836302c696f636861727365743d63703433372c73686f72746e616d653d77696e6e742c696f636861727365743d63703933322c6e6f6e756d7461696c3d302c6e66732c726f6469722c757466383d312c73686f72746e616d653d6d697865642c757466383d302c00e23bb66df271dc392ed708", @ANYRES16], 0x4, 0x2ba, &(0x7f00000001c0)="$eJzs3T9ra2UYAPDnpPmnDskgDiJ4QIc7XW7v6mCq9MLFTEoGXfTiTUGaILRQ8A+mnVxdHP0EguDW1Q/g4jcQXAU3OxSOnJNzmqZN00ZMq97fb+nTc97nfZ+3edvSwnny0Svj3adp7Bx9+Wu020nUetGLkyS6UYvKYczpfRMAwH/ZSZbFH9nUKnlJRLTXVxYAsEYr//7/ce0lAQBr9t77H7yz1e9vv5um7Xg0/vpgkP9ln3+c3t/aiU9iFMN4EJ04jcjOTONHWZZN6mmuG6+PJweDPHP84c/l/Fu/RxT5m9GJbnFpPv9xf3sznTqXP8nreL5cv5fnP6x34sUF6z/ubz9ckB+DZtx7raw/4jDuRyd++Tg+jVE8LYqY5X+1maZvZ9/++UXxH408P5kcDFrFuJls47ZfGwAAAAAAAAAAAAAAAAAAAAAA/r/ul71zWlH078kvlf13Nk7zTxqRVrrz/Xmm+Uk10YX+QJMsvqv66zxIX2pl5cBZfj1erkf9bnYNAAAAAAAAAAAAAAAAAAAA/y77n32++2Q0Gu4tC248uOoGUD3Wf+3MVwS94d5xdeXVWD64NVurVoajYV7IwqzYqMYkEUvLyDfxt4pfPXiuqHnBre9/WHXC9vVjGovX+ieD6sDsPkkWfw1bZ69Ouzokx+fHNOOGazWnwZuXbmUrHb/mwludG6Qn8/O8UASTJVmRLCvsjd8iGhHVmU8u7qJ51cEeDRtFcO/qb732Suf58s+KRLcOAAAAAAAAAAAAAAAAAABYq8sP+Z9ztDS1lrXWVhYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3KrZ+/+vEEzK5OmVn95aMrgZe/t3vEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeAX8FAAD//9OuWkY=")
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x2bc3c1f, 0xffffffffffffffff, 0x7, 0x0, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)

2.583804816s ago: executing program 2 (id=1228):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TCSETS(r0, 0x5402, 0x0)

2.491556015s ago: executing program 0 (id=1229):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000980)={0x6}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000520001192abd7000ffdbdf2502"], 0x1c}, 0x1, 0x0, 0x0, 0x8800}, 0x40800)

2.363127852s ago: executing program 2 (id=1230):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8052, &(0x7f00000000c0)={[{@noauto_da_alloc}, {@init_itable_val={'init_itable', 0x3d, 0x6}}, {@dioread_nolock}, {@grpquota}]}, 0x1, 0x4ee, &(0x7f0000000740)="$eJzs3E1sVNUeAPD/nWlL+Xr08Xi8B4/3XhGNjcSWFhQWJgajiQtNjCzUnU0/CFKooSURgmZIDC4NiXvj0q0Lt+qGGFcmbnFpYkiIYQOYGMfcmTufnWlpOzO19vdLhjnn3rn3nP+999yeew4zAWxZw+k/STl9OyL2RESu+QPD5bcH965NPbx3bSoKxeKZX5LSZvfTfCbbTezMMiO5iNyHSW1FnYUrV89Pzs3NXMryY4sX3h1buHL16XOD2ZJTp04cHz/57MQzqw+qRXlpXPcPfjB/6MDLb918daqvsrxSWn0cnTIcw62qUvJEpwvbYLvr0knfBlaEVUmv//R09Zfa/57Ix3Inr9DDmgHdViwWi9vary4Um11fsgTYtJLY6BoAG6Pyhz59/q28WnUEBrrT/dhwd0+XH4DSuB9kr4j/lxZWxkH6m55vO2k4It4s/Ppp+oqGcYi3u1QiALDVfX26OvzT2P8bKs+M/Hb51vPp+9+yOZShiPh7ROyNiH9ExL6I+GdE7I+If0XEv5v2n4+I4jLlDzflq+VXJ6FydzoQZltp/++5bG6r1v9rqMBQPsvtjqh0mGeOZcdkJPpLx298mTK+efGHj9utq+//pa+0/EpfMKvHnb6mAbrpycXJtcbb7O71iIN9zfEnfRFJdSYgiYgDEXFwFfsdqkufe+rzQ9VMf+PnVo6/pNhyHq0D80zFzyKeLJ//QjSc/1qJScP85IXJszNnZy5OVOcnxwZjbubY2Gzb2nz3/Y3X2q1bMf4vf2re5KWTX53JWtb6ped/R/X67yvFXpq/rcU/lEQk1fnahdWXcePHj9rOra71+h9Iygsrz6XvTS4uXhqPGEheWbp8orZtJZ++R6Ec/8iR1u1/b7ZNeiT+ExHpRfzfiPhflJ8Q07ofjojHIuLIMvF/+8Lj76w9/u5K459uuv+Vz3zD+a/N17dLJNncYItV+fOHbz9sc/N4tPN/opQayZa0vv8lDbeIdjWtjHukS35f99EDAACAzSEXEbvqxpJ2RS43OloeA9oXO3Jz8wuLR2fnL1+cTtdFDEV/bvbc3Myxgcp4cH+S5sezMb9KfqIpfzwbN/4kv72UH52an5ve0MiBnaU2n+RGI97I17X/1M+dGWIG/sx8Xwu2riXtv+4bwGknfv/NHlcI6JlH//t/6/2uVgToubr23+4b/oU1/L8vYBPw/A/UrPxDP+4ZsPkVtWXY0lbV/o/6EUD4K+mL16vp3IbWBOg1/X/Yklb8Xv+6EsVtrVcNxtIPx+DyO8zH2qqxvVZW5bdHuhly+0Tas+p5oWli+1q2qvyaQtvPRG51O9wWnTmns+s8GoVLC2f3d/ziL+a7c2l90ZN22irR81sRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAV/wRAAD//7xR0mI=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$EXT4_IOC_SETFSUUID(r0, 0x4008662c, &(0x7f0000001480)={0x10, 0x0, "efadd89a95dbcd173b03b36f7ba844b2"})

2.34678231s ago: executing program 0 (id=1231):
r0 = memfd_create(&(0x7f0000000b40)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'\b\x00\x00\x00\x00\x00\x00\x00\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xe2\x05\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7\x8en\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xef\x03Ga\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcaf2\x02F1\xc6\x82\x00E\xae\x9d\xbd/\xd0J\xce=\x924\xc0\x17\x871N:\xb4\xea \x8e\xdelV\x83\x1f\'\xe2\xd6\xc0\xc3\xfc\xc9677u\xf3RUP@o>\xee\xb8\xa3\t\x02\xb7\\,\xebK\xed\x1b\xc9e\xb3\x16\xce\x9bI\xdb\xfa\x82\x85\t\x9bg\xd0s\xe2\f{\x8cp~;\xf8\x96\xf2\x91\x06\x89\xa6D\xce\xac\x03\xc1\x83\xd1\xe6 |\xa75\xd7\x80t\xfc\xf8\xd2\x12N\x1cB7^\xfd4\xae\xb0VFw\b!\xae\x1baTv\xc0z\x19\xc5\xc8H\x7fsk\x9cD\xb3w\xba\x97N\x9a`\x8f\xfc\x9ee\xf9\x00\x1cQA\x14]\r\xd4\"\xc2\x12GD\xdb{\x88\xaa\x81\xc8\xa2\xdeI\xa2\xbel\x0e\xec\x17fNI\x05\xff\x8d\xf4_\x1a\vqA\xb7\x0ed<\x98\xee\xb8\x19\xec\x9f\xee\xe1_\xacG\x8b\xa3\xc3\x13\x80\x0f\xf4I\xdeAwG\xbdkno\xa2\b\x126\x97\x9b\xf9|P\xd94\v\x15\xcb\xc0\x9d\x11\xf3\x18\xae!2\x1b\x12\xa9\xc8~\xb7S\x94\xb5\xc7;\xa90D>s\xe9\xa4N', 0x2)
fcntl$addseals(r0, 0x409, 0x2f)
ftruncate(r0, 0x1)

2.278724697s ago: executing program 4 (id=1232):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
pwritev(r0, 0x0, 0x0, 0x0, 0x9)

2.114345283s ago: executing program 3 (id=1233):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
connect$rose(r0, &(0x7f0000000000)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0xffffffff, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x1c)

2.015525992s ago: executing program 1 (id=1234):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd)
ioctl$TCFLSH(r0, 0x540b, 0x0)

1.971556555s ago: executing program 0 (id=1235):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000180)={0x20, r1, 0x2, 0x0, &(0x7f00000001c0)=[{0x0, 0x1}, {0x3, 0x5}]})

1.911561712s ago: executing program 3 (id=1236):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=@newlink={0x50, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x9}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'macvlan0\x00'}]}, 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x5b, &(0x7f0000000100), 0x1, 0x0, 0x0, 0x1f000801}, 0x40)

1.788844929s ago: executing program 2 (id=1237):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000540)={'\x00', 0x7ff, 0x3, 0xc, 0xb, 0x59c, 0xffffffffffffffff})
ioctl$BLKTRACESTART(r0, 0x1274, 0x0)

1.695582584s ago: executing program 4 (id=1238):
keyctl$clear(0x3, 0xfffffffffffffffc)
keyctl$set_reqkey_keyring(0xe, 0x4)
request_key(&(0x7f0000000100)='big_key\x00', &(0x7f00000006c0)={'syz', 0x0}, &(0x7f0000000700)='asymmetric\x00', 0x0)

1.695298207s ago: executing program 0 (id=1239):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
setfsuid(0xee01)
write$cgroup_int(r0, &(0x7f0000000040)=0x1c9, 0x12)

1.177552528s ago: executing program 32 (id=1238):
keyctl$clear(0x3, 0xfffffffffffffffc)
keyctl$set_reqkey_keyring(0xe, 0x4)
request_key(&(0x7f0000000100)='big_key\x00', &(0x7f00000006c0)={'syz', 0x0}, &(0x7f0000000700)='asymmetric\x00', 0x0)

1.170090042s ago: executing program 0 (id=1241):
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x40)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x100000b, 0x2013, r0, 0x0)

1.157259661s ago: executing program 1 (id=1242):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000001f80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000073000000850000005000000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000040)='percpu_free_percpu\x00', r0}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x1ff, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x48)

1.156662104s ago: executing program 2 (id=1243):
setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='net/rt_cache\x00')
ftruncate(r0, 0x7fffffffffffffff)

1.156343574s ago: executing program 3 (id=1244):
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, 0x0, r0, 0x0, 0x46)

982.010589ms ago: executing program 1 (id=1245):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f00000005c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2000084c, &(0x7f0000000440)=ANY=[], 0x81, 0x1505, &(0x7f00000036c0)="$eJzs3Au4jtW2OPAx5pwvi6QvyX2OOV6+5DJJklwSEkmSJEluCUmSJCGxyC0JScg9yT0kt1jJ/X7LPUm2JElCQpL5f7Q7x9mnfU77/Pc+23n2Gr/nmc+aY73fmN+Ya6zn+973Xc/6vu04uGr9apXrMjP8XfDPX1IBIAUA+gHANQAQAUCpbKWyAS6fnklj6t/3JOIf66FpV7oCcSVJ/9M36X/6Jv1P36T/6Zv0P32T/qdv0v/0TfovRHq2dXrua2Wk3/HPu/8PIPf//6+R9/9/IYeLjflyfbHrO/0PUqT/6Zv0P32T/qdv0v/0Tfqfvkn//8VFAJX+m8PS/39Nf+ttFum/EOnZlb7//E8YKQBwpWv4Pzuu9O+fEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQoj04Vy4zADAv82vdF1CCCGEEEIIIYT4xwkZr3QFQgghhBBCCCGE+N+HoECDgQgyQEZIgUyQGa6CLHA1ZIVrIAHXQja4DrLD9ZADckIuyA15IC/kAwsEDhhiyA8FIAk3QEG4EQpBYSgCRcFDMSgON0EJuBlKwi1QCm6F0nAblIGyUA7Kw+1QAe6AilAJKsOdUAXugqpQDe6G6nAP1IB7oSbcB7XgfqgND0AdeBDqwkNQDx6G+vAINIBHoSE0gsbQBJr+f+W/CF3hJegG3SEVekBPeBl6QW/oA32hH7wC/eFVGACvwUAYBIPhdRgCb8BQeBOGwXAYAW/BSBgFo2EMjIVxMB7ehgnwDkyEd2ESTIYpMBWmwXSYAe/BTJgFs+F9mAMfwFyYB/NhASyED2ERLIY0+AiWwMewFJbBclgBK2EVrIY1sBbWwXrYABthE2yGLbAVPoFtsB12wE7YBbthD3wKe+Ez2Aefw3744n+Yf/Y/5XdCQECFCg0azIAZMAVTMDNmxiyYBbNiVkxgArNhNsyO2TEH5sBcmAvzYB7Mh/mQkJCRMT/mxyQmsSAWxEJYCItgEfTosTgWxxJ4M5bEklgKS2FpLI1lsCyWxfJYHitgBayIFbEyVsYqWAWrYlW8G+/Ge7AG1sCaWBNrYS2sjbWxDtbBulgX62E9rI/1sQE2wIbYEBtjY2yKTbEZNsPm2BxbYktsha2wNbbGNtgG22JbbIftsD22xw7YATtiR+yEnbEzvogv4kv4EnbHKqoH9sSe2At7YR/si33xFeyPr+Kr+BoOxEE4GF/H1/ENHIpncBgOxxE4AiuoUTgaxyCrcTgex+MEnIATcSJOwsk4GafiNJyOM3AGzsRZOAvfxzn4AX6A83AeLsCFuBAX4WJMwzRcgmdxKS7D5bgCV+IqXIlrcC2uwfW4AdfjJtyEW3ALfoKf4HbcjjtxJ+7G3fgpfoqf4Wc4EPfjfjyAB/AgHsRDeAgP42E8gkfwKB7FY3gMj+NxPIEn8RSexNN4Gs/gWTyH5/A8nscL+Hyer+vtLrxuIKhLjDIqg8qgUlSKyqwyqywqi8qqsqqESqhsKpvKrrKrHCqHyqVyqTwqj8qn8ilSpFjFKr/Kr5IqqQqqgqqQKqSKqCLKK6+Kq+KqhCqhSqqSqpS6VZVWt6kyqqxq4cur8qqCaukrqkqqsqqsqqi7VFVVTVVT1VV1VUPVUDVVTVVL1VK11QOqjuqBffAhdakz9dUgbKAGY0PVSDVWTdQb+JhqpoZic9VCtVRPqOE4DFurZr6Nelq1VaOxnXpWjcHnVAc1DjuqF1Qn1Vl1US+qrqq575bht5dANRV7qd6qj+qrZuJd6lLHqqrX1EA1SA1Wr6sF+IYaqt5Uw9RwNUK9pUaqUWq0GqPGqnFqvHpbTVDvqInqXTVJTVZT1FQ1TU1XM9R7aqaapWar99Uc9YGaq+ap+WqBWqg+VIvUYpWmPlJL1MdqqVqmlqsVaqVapVarNWqtWqfWqw1qo9qkNqstaqv6RG1T29UOtVPtUrvVHvWp2qs+U/vU52q/+kIdUH9SB9WX6pD6Sh1WX6sj6ht1VH2rjqnv1HH1vTqhTqpT6gd1Wv2ozqiz6pz6SZ1XP6sL6hd1UQUFGrXSWhsd6Qw6o07RmXRmfZXOoq/WWfU1OqGv1dn0dTq7vl7n0Dl1Lp1b59F5dT5tNWmnWcc6vy6gk/oGXVDfqAvpwrqILqq9LqaL65t0CX2zLqlv0aX0rbq0vk2X0WV1OV1e364r6Dt0RV1JV9Z36ir6Ll1VV9N36+r6Hl1D36tr6vt0LX2/rq0f0HX0g7qufkjX0w/r+voR3UA/qhvqRrqxbqKb6sd0M/24bq5b6Jb6Cd1KP6lb66d0G/20bquf0e30s7q9fk530M/rjvoF3Ul31l30L/qiDrqb7q5TdQ/dU7+se+neuo/uq/vpV3R//aoeoF/TA/UgPVi/rofoN/RQ/aYepofrEfotPVKP0qP1GD1Wj9Pj9dt6gn5HT9Tv6kl6sp6ip+pperru89tKs/+G/Hf+Sv6AX599i96qP9Hb9Ha9Q+/Uu/RuvUfv0Xv1Xr1P79P79X59QB/QB/VBfUgf0of1YX1EH9FH9VF9TB/Tx/VxfUKf1D/pH/Rp/aM+o8/qs/onfV6f1xd++xmAQaOMNsZEJoPJaFJMJpPZXGWymKtNVnONSZhrTTZznclurjc5TE6Ty+Q2eUxek89YQ8YZNrHJbwqYpLnBFDQ3mkKmsCliihpvipni5qa/O/+P6mtqmppmpplpbpqblqalaWVamdamtWlj2pi2pq1pZ9qZ9qa96WA6mI6mo+lkOpkupovparqabqabSTWppqd52fQyvU0f09f0M6+Y/qa/GWAGmIFmoBlsBpshZogZaoaaYWaYGWFGmJFmpBltRpuxZqwZb8abCWaCmWgmmklmkplipphpZpqZYWaYmWammW1mmzlmjplr5pr5Zr5ZaBaaRWaRSTNpZolZYpaaZWaZWWFWmFVmlVlj1ph1Zp3ZYDaYTWaTWWq2mq1mm9lmdpgdZpfZZfaYPWav2Wv2mX1mv9lvDpgD5qA5aA6ZQ+awOWyOmCPmqDlqjplj5rg5bk6YE+aUOWVOm9PmjDljzplz5rw5by6YC+aiuXjptC9SkYpMZKIMUYYoJUqJMkeZoyxRlihrlDVKRIkoW5Qtyh5dH+WIcka5otxRnihvlC+yEUUu4iiO8kcFomR0Q1QwujEqFBWOikRFIx8Vi4pHN0UlopujktEtUano1qh0dFtUJioblYvKR7dHFaI7oopRpahydGdUJborqhpVi+6Oqkf3RDWie6Oa0X1Rrej+qHb0QFQnejCqGz0U1YsejupHj0QNokejhlGjqHHUJGr6D10/hDM5H/fdbHebanvYnvZl28v2tn1sX9vPvmL721ftAPuaHWgH2cH2dTvEvmGH2jftMDvcjrBv2ZF2lB1tx9ixdpwdb9+2E+w7dqJ9106yk+0UO9VOs9PtDPuenWln2dn2fTvHfmDn2nl2vl1gF9oP7SK72KbZj+wS+7FdapfZ5XaFXWlX2dV2jV1r19n1doPdaDfZzXaL3Wo/sdvsdrvD7rS77G67x35q99rP7D77ud1vv7AH7J/sQfulPWS/soft1/aI/cYetd/aY/Y7e9x+b0/Yk/aU/cGetj/aM/asPWd/suftz/aC/cVetOHSyf2lt3cyZCgDZaAUSqHMlJmyUBbKSlkpQQnKRtkoO2WnHJSDclEuykN5KB/lo0uYmPJTfkpSkgpSQSpEhagIFSFPnopTcSpBJagklaRSVIpKU2kqQ2WoHJWj2+l2uoPuoEpUie6kO+kuuouqUTWqTtWpBtWgmlSTalEtqk21qQ7VobpUl+pRPapP9akBNaCG1JAaU2NqSk2pGTWj5tScWlJLakWtqDW1pjbUhtpSW2pH7ag9tacO1IE6UkfqRJ2oC3WhrtSVulE3SqVU6kk9qRf1oj7Uh/pRP+pP/WkADaCBNJAG02AaQkNoKA2lYTScRtBbNJJG0WgaQ2NpHI2n8TSBJtBEmkiTaBJNoSk0jabRDJpBM2kmzabZNIfm0FyaS/NpPi2khbSIFlEapdESWkJLaSktp+W0klbSalpNa2ktraf1tJE20mbaTFtpK22jbbSDdtAu2kV7aA/tpb20j/bRftpPB+gAHaSDdIgO0WE6TEfoCB2lo3SMjtFxOk4n6ASdolN0mk7TGTpD5+gcnaef6QL9QhcpUIpTkNld5bK4q11Wd41LcZncpTgCgEtxLpfb5XF5XT5nXQ6X8y9ics4VcoVdEVfUeVfMFXc3/S4u48q6cq68u91VcHe4ir+Lq7t7XA13r6vp7nPV3N1/Eddy97va7hFXxz3q6rpGrp5r4uq7R1wD96hr6Bq5xq6Ja+WedK3dU66Ne9q1dc/8Ll7kFru1bp1b7za4ve4zd8795I66b91597Pr5rq7fu4V19+96ga419xAN+h38Qj3lhvpRrnRbowb68b9Lp7iprppbrqb4d5zM92s38UL3Ydujktzc908N98t+DW+VFOa+8gtcR+7pW6ZW+5WuJVulVvt1vx7rSvcJrfZbXF73Kdum9vudridbpfb/Wt8aR/73Oduv/vCHXHfuIPuS3fIHXOH3de/xpf2d8x95467790Jd9Kdcj+40+5Hd8ad/XX/l/b+g/vFXXTBASMr1mw44gyckVM4E2fmqzgLX81Z+RpO8LWcja/j7Hw95+CcnItzcx7Oy/nYMrFj5pjzcwFO8g1ckG/kQlyYi3BR9lyMi/NNXIJv5pJ8C5fiW7k038ZluCyX4/J8O1fgO7giV+LKfCdXCYGrcjW+m6vzPVyD7+WafB/X4vu5Nj/AdfhBrssPcT1+mOvzI9yAH+WG3IgbcxNuyo9xM36cm3MLbslPcCt+klvzU9yGn+a2/Ay342e5PT/HHfh57sgvcCfuzF34Re7KL3E37s6p3IN78svci3tzH+7L/fgV7s+v8gB+jQfyIB7Mr/MQfoOH8ps8jIfzCH6LR/IoHs1jeCyP4/H8Nk/gd3giv8uTeDJP4ak8jafzDH6PZ/Isns3v8xz+gOfyPJ7PC3ghf8iLeDGn8Ue8hD/mpbyMl/MKXsmreDWv4bW8jtfzBt7Im3gzb+Gt/Alv4+28g3fyLt7Ne/hT3suf8T7+nPfzF3yA/8QH+Us+xF/xYf6aj/A3fJS/5WP8HR/n7/kEn+RT/AOf5h/5DJ/lc/wTn+ef+QL/whc5MMQYq1jHJo7iDHHGOCXOFGeOr4qzxFfHWeNr4kR8bZwtvi7OHl8f54hzxrni3HGeOG+cL7YxxS7mOI7zxwXiZHxDXDC+MS4UF46LxEVjHxeLi8c3xSXim+OS8S1xqfjWuHR8W1wmLhs/cl/5+Pa4QnxHXDGuFFeO74yrxHfFVeNq8d1x9fieuEZ8b1wzvi8uGd8f144fiOvED8Z144fievHDcf34kbhB/GjcMG4UN46bxE3jx+Jm8eNx87hF3DJ+Im4VPxm3jp+K28RPx23jZ/7weGrcI+4Zvxy/HIdwr56fXJBcmPwwuSi5OJmW/Ci5JPlxcmlyWXJ5ckVyZXJVcnVyTXJtcl1yfXJDcmNyU3JzcksyhGoZwaNXXnvjI5/BZ/QpPpPP7K/yWfzVPqu/xif8tT6bv85n99f7HD6nz+Vz+zw+r8/nrSfvPPvY5/cFfNLf4Av6G30hX9gX8UW998V8cd/EN/VNfTP/uG/uW/iW/gn/hH/SP+mf8k/5p31b/4xv55/17f1zvoN/3j/vX/CdfGffxb/ou/qXfDff3af6VN/T9/S9fC/fx/fx/Xw/39/39wP8AD/QD/SD/WA/xA/xQ/1QP8wP8yP8CD/Sj/Sj/Wg/1o/14/14P8FP8BP9RD/JT/JT/BQ/zU/zM/wMP9PP9LP9bD+n0Bw/18/18/18v9Av9Iv8Ip/m0/wSv8Qv9Uv9cr/cr/Qr/Wq/2q/1a/16v95v9Bv9Zr/Zb/Vb/Ta/ze/wO/wuv8vv8Xv8Xr/X7/P7/H6/3x/wB/xBf9Af8l/5w/5rf8R/44/6b/0x/50/7r/3J/xJf8r/4E/7H/0Zf9af8z/58/5nf8H/4i/64Mcn3k5MSLyTmJh4NzEpMTkxJTE1MS0xPTEj8V5iZmJWYnbi/cScxAeJuYl5ifmJBYmFiQ8TixKLE2mJjxJLEh8nliaWJZYnViRWJlYlQsi7LQ75Q4GQDDeEguHGUCgUDkVC0eBDsVA83BRKhJtDyXBLKBVuDaXDbaFMKBvKhUdDw9AoNA5NQtPwWGgWHg/NQ4vQMjwRWoUnQ+vwVGgTng5twzOhXXg2tA/PhQ7h+dAxvBA6hc6hS3gxdA0vhW6he0gNPULP8HLoFXqHPqFv6BdeCf3Dq2FAeC0MDIPC4PB6GBLeCEPDm2FYGB5GhLfCyDAqjA5jwtgwLowPb4cJ4Z0wMbwbJoXJYUqYGqaF6WFGeC/MDLPC7PB+mBM+CHPDvDA/LAgLw4dhUVgc0sJHYUn4OCwNy8LysCKsDKvC6rAmrA3rwvqwIWwMm8LmsCVsDZ+EbWF72BF2hl1hd9gTPg17w2dhX/g87A9fhAPhT+Fg+DIcCl+Fw+HrcCR8E46Gb8Ox8F04Hr4PJ8LJcCr8EE6HH8OZcDacCz+F8+HncCH8Ei7K/6wJIYQQQvxN9B8c7/FXvqd+G5f0BICrt+c+/J/X3Jjjz/PeKk+rBAA83b3jQ/82qlRJTU397bFLNUQF5gFA4nL+r3+W+y1eBi3hSWgDLaDEX62vt+p8nv9g/eStAJn/Q04KXI4vr3/zf7H+Y0+MWFQ6Ppftv1l/HkChApdzMsHl+PL6Jf+L9XM2+4P6M305HqD5f8jJApfjy+sXh8fhGWjzF48UQgghhBBCCCH+rLcq1/6Prp8vXZ/nMZdzMsLl+I+uz4UQQgghhBBCCHHlPde5y1OPtWnTor1MZCITmfz75Eq/MgkhhBBCCCH+0S6f9F/pSoQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiPTrn/FxYld6j0IIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIcSV9v8CAAD//4H6O6c=")
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0x541b, 0x0)

981.295063ms ago: executing program 3 (id=1246):
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000080)='./file0\x00', 0x40, &(0x7f00000000c0)=ANY=[], 0x4, 0xf99, &(0x7f0000001400)="$eJzs3UFsHNUZAOA3612vHZt4DRQMlJBCKwIFOySRmt6CQL1UQlx6B4WERhiKGlqJCIjpAVEJUSTEqeIA4kKplCIVCVSpQj21PbXqqe0F9UKlKpWCemiRElex36x3xzvZ9Xh3dtf7fdK/z2/e7Pz/2Jt4Zjz7NgATq7LxeOzYUhLCW5+8+fCLTyQfXV12R3ONgxuPSew1Qgi1ln6S2d5nccHlSy+c7NQm4cjGY9oPj1xsPncuhLAWDoZPQyN8sLL6xftvP3Tow1dmbnr93FMvDWj3m7L7AQAAe9GFP67+7Z5//uG+xS8vHDgR6s3l6fF5I/bn4nH/4XignB4vV0J7P2mJVtOZ9aZiVDLrTWXWq2byVHPy1TLbqeWsN90l31TLsk77CQAAAOMoPa9thKSy3NavVJaXN8/7r/psYTpZfubM6umzQyoUAAAAKOw/5zduuh3jmBmBGkQ2ZtMX2M6e98F3d/6cXUWl5HzVkvNNTBR7vQkhhBBC9C8m5HikPgI1iOKxvlDixQYAAACADvOFbbPW35m6mltr9Jb/4oOVzs+HPsi8/rZPO9Hn1/+1889sX6HU/B0MPn9tyPmvuf/vvex/HAAAiturR5PpfqXH0ek8Btl5BKfanjU3tdPzj0pmO9Ud1pk3r+C4zDeYV+dUyXUUlVf/Tn+Ow5JXf3Y+zFGVV392ns5RlVd/veQ6isqrv8OVnzCK/6zz6p8tuY6i8urfV3IdReXVP1dyHUXl1T9fch1F5dV/Xcl1FJVX//6S6ygqr/5xua02r/5GyXUUlVf/4mYz8ocRefVfX3IdReXVf0PJdRSVV/+NJdcxLLfHNv0+HMhZb67Dwd/IHQwCAAAAHf1v7Of/m9CojkANQggx9vHy5i/D9uUzHZaJXUVlBGoYVMx2eg2JXUbN91QIIQYS54d36QEAAAAYEen7AtJ3va9H6fjUtvG/v3v1MR2vto7PbG0gHa912f50l/F6l3EAAAAghN+8evqWN5Kt+e6y7+nf6Xx46bxRs+GjK6HAPEbZ+Qh3mn+3857tNn/nCUfGZTY2AAAA9qrkO59euffhd55b/PLCgRMtZ79X4vluOg9oNV4b+Dj20/sC5jP9JD2HPtGep5KzXvb6wHV523t0lzsKAAAAEyw9f2+EpLLcct7dCJXK8vLW+fhSqCWnz6yeOhz76eez/H6hVr+6/IGS6wYAAAB6t3W+3/n8P/0c36UwnSw/c2b19NnN/nxzea3Sel1gYWt50npdoJFZfiRn+dHYj5/fGb6/MLuxfPnkD1af6PfOAwAAwIQ4+/y5px5fXT31w8n5ohpC2NV2wijshS98MdAvhv0/EwAA0G+ff/5m7UdH53+7+f7/rfnvrsQvDsZ+I87t96e4PL1PIH0fwLb36z/Wnmchb71n29drZNabilHP1D3Tsp2wMd9g+/MW8/I12rcznZNvLpNvPpMvO09BNbN+0mEuwdBhJsB0vYXM8uw8jNVMjiST/84OuQAAACC18tzTz66cff7c/WeefvzJU0+eeubokePfPn788APfemBl477+lda7+wEAAIBxtHXT77ArAQAAAAAAAAAAAAAAAAAAgMlVxseJDXsfAQAAYNL9+3wIYU2InEg/YHDYdYx7JCNQw+BivT78GvZ2BP8OhRBCCLHLGO5530x5xzJ/dex0jVhfz37SPAAAAMBgXb70wsnWdpu1pK/5mltrbDZXYt60nb//L4tXI13t4oPt10v29bUaJl3Zr3/5RzV/veP4ey/3N//GhfjGVr/7/3+V9g2c2Hisxt5sr3nvXvnFUjN/COHWao/5s/v/aK8Z2x3K5L879JZ//Z1M/sfaepVe89+Tyb+vx/zb9v/ZvAwz18x/b8y/FPuH7uo1f/su1jPZen0BfDOz/0+EXvNn9r/RY8KM+2J+AJhEzd/m6+eHW0ifpUcJ6fH0XOyn+5sesGbvftjp8X8ls53qritv3256HHRz7DeP6tba86Z2Wn/6fZmP7XUF68wal7tK8urv189x0PLqr5VcR1F59U+XXEdRefV3PnsfPXn1t5w9jvSu5NXf84WIIcurf1yuK+fVP1dyHUXl1T9fch1F5dW/09/jw5JX//6S6ygqr/6FkusoKq/+gpfVSpdX/2LJdRSVV//1JddRVF79N5RcR1F59d9Ych3Dclts886H0/PPhTiW9huZfr3D97LnP4YAAAAAA/WvkZz/r+XKwdBrEUI0ozICNQjREtMjUIMYnZgagRqEGOf47/qmYdchhBhcrK8P8+oDw5aM0b3iAPTPYGezYNT5+U82P//J5ufPtaR/iU8y/dRUl/Fql/Fal/HpzHiSeWI9bzy6IbPd9fS6ZnRjl/GvxD3IG9+fef6PM+M3d9n+UpfxW7qM39pl/LYu4wAAAEyGm2Lr/BAAAAD2rhd/+fFrv777sUuLX144cCJMb5t3/nDs1+Pf1l+N/ey896la/Jv/T2L/3dj+Lrb/yKzv/hMAAAAYvPRzYvz9HwAAAPau9HNKnf8DAADA3rUYW+f/AAAAsHddH1vn/wAAALCHJTOdF8c2vS5wZ2x7ndcPABh9X43t7bE9ENs7Yvu12KbHAXfF9usl1QcA9M/Pv/fT428kW/P9H82MX47L03abtc0rBUmlfSb/2djui+03eqwn+3kAveZP7e8xz6DyL+wyPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwd1Q2Ho8dW0pCeOuTNx/+2fRrf7667I7mGgc3HpPYa4QQas3npaNb/V/FFS9feuFka3sltkk4EpKQNJeHRy42M82FENbCwfBpaIQPVla/eP/thw59+MrMTa+fe+qlAX4L2vYPAAAA9qL/BwAA//+oUhUS")
r0 = open(&(0x7f0000000140)='./file0\x00', 0x400, 0x105)
mknodat$loop(r0, &(0x7f0000001600)='./bus\x00', 0x0, 0x0)

919.173096ms ago: executing program 2 (id=1247):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), r0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r1, @ANYBLOB="010000020c00fbdbdf25010000000800020000000000050005000000000008000300010000004800018005000200200000000600010002000000080006000a000000080003"], 0x84}}, 0x0)

584.118385ms ago: executing program 1 (id=1248):
kexec_load(0x0, 0x1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x41000000}], 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/kexec_crash_size', 0x202, 0x0)
write$cgroup_int(r0, &(0x7f0000000000)=0x1, 0x12)

440.920121ms ago: executing program 2 (id=1249):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080))
openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x149000, 0x4)

284.366779ms ago: executing program 3 (id=1250):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000180)={0x0, 0x4}, 0x2)
getsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f00000001c0), &(0x7f0000000700)=0x4)

52.976248ms ago: executing program 0 (id=1251):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @ib_path={0x0, r1, 0x1, 0x1, 0x3f00}}, 0x20)

0s ago: executing program 3 (id=1252):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8ae8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000140)='sys_exit\x00', r1}, 0x18)

kernel console output (not intermixed with test programs):

_pfx_queue_work_on+0x10/0x10
[  164.084711][ T5843]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  164.084750][ T5843]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  164.084783][ T5843]  ? f2fs_hw_is_readonly+0x39b/0x470
[  164.084818][ T5843]  f2fs_handle_critical_error+0x37c/0x540
[  164.084854][ T5843]  f2fs_write_end_io+0x495/0x810
[  164.084883][ T5843]  ? blkg_put+0x22/0x240
[  164.084930][ T5843]  __submit_merged_bio+0x27a/0x6a0
[  164.084966][ T5843]  __submit_merged_write_cond+0x255/0x530
[  164.085002][ T5843]  f2fs_write_data_pages+0x261d/0x3000
[  164.085079][ T5843]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  164.085127][ T5843]  ? kernel_text_address+0xa5/0xe0
[  164.085189][ T5843]  ? stack_depot_save_flags+0x40/0x900
[  164.085261][ T5843]  ? __lock_acquire+0xab9/0xd20
[  164.085309][ T5843]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  164.085340][ T5843]  do_writepages+0x32e/0x550
[  164.085387][ T5843]  ? do_raw_spin_unlock+0x122/0x240
[  164.085414][ T5843]  filemap_fdatawrite+0x199/0x240
[  164.085445][ T5843]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  164.085542][ T5843]  ? do_raw_spin_unlock+0x122/0x240
[  164.085569][ T5843]  f2fs_sync_dirty_inodes+0x31f/0x830
[  164.085621][ T5843]  f2fs_write_checkpoint+0x95a/0x1df0
[  164.085686][ T5843]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  164.085783][ T5843]  ? try_to_wake_up+0x7e5/0x1290
[  164.085813][ T5843]  ? kill_f2fs_super+0x298/0x6c0
[  164.085850][ T5843]  kill_f2fs_super+0x2c3/0x6c0
[  164.085888][ T5843]  ? __pfx_kill_f2fs_super+0x10/0x10
[  164.085915][ T5843]  ? radix_tree_delete_item+0x2b6/0x400
[  164.085955][ T5843]  ? shrinker_free+0x2ce/0x3e0
[  164.085983][ T5843]  deactivate_locked_super+0xbc/0x130
[  164.086012][ T5843]  cleanup_mnt+0x425/0x4c0
[  164.086037][ T5843]  ? lockdep_hardirqs_on+0x9c/0x150
[  164.086072][ T5843]  task_work_run+0x1d1/0x260
[  164.086098][ T5843]  ? __pfx_task_work_run+0x10/0x10
[  164.086117][ T5843]  ? __x64_sys_umount+0x122/0x160
[  164.086154][ T5843]  ? exit_to_user_mode_loop+0x40/0x110
[  164.086184][ T5843]  exit_to_user_mode_loop+0xec/0x110
[  164.086210][ T5843]  do_syscall_64+0x2bd/0x3b0
[  164.086227][ T5843]  ? lockdep_hardirqs_on+0x9c/0x150
[  164.086257][ T5843]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.086277][ T5843]  ? clear_bhb_loop+0x60/0xb0
[  164.086303][ T5843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.086323][ T5843] RIP: 0033:0x7fb78e58fc57
[  164.086342][ T5843] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  164.086358][ T5843] RSP: 002b:00007ffcbd2a2d98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  164.086380][ T5843] RAX: 0000000000000000 RBX: 00007fb78e610925 RCX: 00007fb78e58fc57
[  164.086394][ T5843] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcbd2a2e50
[  164.086406][ T5843] RBP: 00007ffcbd2a2e50 R08: 0000000000000000 R09: 0000000000000000
[  164.086418][ T5843] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcbd2a3ee0
[  164.086431][ T5843] R13: 00007fb78e610925 R14: 000000000002807f R15: 00007ffcbd2a3f20
[  164.086468][ T5843]  </TASK>
[  164.300310][ T5843] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  164.543044][ T7458] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  164.635102][ T7458] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  164.814578][ T5829] ocfs2: Unmounting device (7,1) on (node local)
[  164.847799][ T7479] loop0: detected capacity change from 0 to 256
[  164.896302][ T7479] exfat: Deprecated parameter 'namecase'
[  164.938893][ T7479] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xec8a951c, utbl_chksum : 0xe619d30d)
[  165.838371][ T7496] loop4: detected capacity change from 0 to 4096
[  165.935172][ T7502] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  166.268567][ T7486] loop3: detected capacity change from 0 to 32768
[  166.326745][ T7486] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.491 (7486)
[  166.420244][ T7486] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  166.457209][ T7486] BTRFS info (device loop3): using sha256 (sha256-x86_64) checksum algorithm
[  166.467537][ T7486] BTRFS info (device loop3): using free-space-tree
[  166.594044][ T7486] BTRFS info (device loop3): rebuilding free space tree
[  166.636569][   T43] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  166.664315][   T43] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  166.711697][   T30] audit: type=1800 audit(1751316368.837:24): pid=7486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.491" name="file1" dev="loop3" ino=260 res=0 errno=0
[  166.782009][ T7538] fido_id[7538]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  166.903938][ T5831] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  167.271916][ T7521] loop1: detected capacity change from 0 to 32768
[  167.313592][ T7521] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.504 (7521)
[  167.377941][ T7521] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  167.429529][ T7521] BTRFS info (device loop1): using sha256 (sha256-x86_64) checksum algorithm
[  167.479694][ T7521] BTRFS info (device loop1): using free-space-tree
[  167.815244][ T5829] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  167.932530][ T7540] loop4: detected capacity change from 0 to 32768
[  167.984974][ T7542] loop3: detected capacity change from 0 to 32768
[  168.039777][ T7542] (syz.3.507,7542,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  168.064419][ T7542] (syz.3.507,7542,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  168.132259][ T7540] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  168.259151][ T7542] JBD2: Ignoring recovery information on journal
[  168.283955][ T7540] XFS (loop4): Ending clean mount
[  168.341096][ T7542] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  168.377102][ T7540] XFS (loop4): Quotacheck needed: Please wait.
[  168.400323][ T5925] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  168.469402][ T7540] XFS (loop4): Quotacheck: Done.
[  168.558014][ T5831] ocfs2: Unmounting device (7,3) on (node local)
[  168.574019][ T5843] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  168.577257][ T5925] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  168.604479][ T5925] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  168.623808][ T5925] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  168.687979][ T5925] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.760887][ T7582] netlink: 100 bytes leftover after parsing attributes in process `syz.0.516'.
[  168.772946][ T5925] usb 3-1: config 0 descriptor??
[  169.187662][ T7588] loop0: detected capacity change from 0 to 512
[  169.216863][ T7588] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  169.229923][ T5925] kovaplus 0003:1E7D:2D50.0009: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.2-1/input0
[  169.265502][ T7588] EXT4-fs (loop0): 1 truncate cleaned up
[  169.308205][ T7588] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  169.394453][ T7580] loop1: detected capacity change from 0 to 40427
[  169.402886][ T5925] kovaplus 0003:1E7D:2D50.0009: couldn't init struct kovaplus_device
[  169.453128][ T7580] F2FS-fs (loop1): invalid crc value
[  169.458710][ T5925] kovaplus 0003:1E7D:2D50.0009: couldn't install mouse
[  169.506405][ T5925] kovaplus 0003:1E7D:2D50.0009: probe with driver kovaplus failed with error -71
[  169.574264][ T5925] usb 3-1: USB disconnect, device number 4
[  169.609365][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.697381][ T7580] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  169.961642][ T5829] syz-executor: attempt to access beyond end of device
[  169.961642][ T5829] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  170.008480][ T5829] CPU: 1 UID: 0 PID: 5829 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  170.008511][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  170.008525][ T5829] Call Trace:
[  170.008533][ T5829]  <TASK>
[  170.008542][ T5829]  dump_stack_lvl+0x189/0x250
[  170.008583][ T5829]  ? __pfx_dump_stack_lvl+0x10/0x10
[  170.008612][ T5829]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  170.008642][ T5829]  ? __pfx_queue_work_on+0x10/0x10
[  170.008673][ T5829]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  170.008702][ T5829]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  170.008734][ T5829]  ? f2fs_hw_is_readonly+0x39b/0x470
[  170.008766][ T5829]  f2fs_handle_critical_error+0x37c/0x540
[  170.008800][ T5829]  f2fs_write_end_io+0x495/0x810
[  170.008828][ T5829]  ? blkg_put+0x22/0x240
[  170.008869][ T5829]  __submit_merged_bio+0x27a/0x6a0
[  170.008902][ T5829]  __submit_merged_write_cond+0x255/0x530
[  170.008935][ T5829]  f2fs_write_data_pages+0x261d/0x3000
[  170.009001][ T5829]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  170.009090][ T5829]  ? folios_put_refs+0x559/0x640
[  170.009129][ T5829]  ? __lock_acquire+0xab9/0xd20
[  170.009163][ T5829]  ? do_raw_spin_lock+0x121/0x290
[  170.009202][ T5829]  ? do_raw_spin_unlock+0x122/0x240
[  170.009222][ T5829]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  170.009253][ T5829]  do_writepages+0x32e/0x550
[  170.009295][ T5829]  ? do_raw_spin_unlock+0x122/0x240
[  170.009320][ T5829]  filemap_fdatawrite+0x199/0x240
[  170.009350][ T5829]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  170.009432][ T5829]  ? do_raw_spin_unlock+0x122/0x240
[  170.009457][ T5829]  f2fs_sync_dirty_inodes+0x31f/0x830
[  170.009504][ T5829]  f2fs_write_checkpoint+0x95a/0x1df0
[  170.009561][ T5829]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  170.009633][ T5829]  ? try_to_wake_up+0x7e5/0x1290
[  170.009660][ T5829]  ? kill_f2fs_super+0x298/0x6c0
[  170.009697][ T5829]  kill_f2fs_super+0x2c3/0x6c0
[  170.009734][ T5829]  ? __pfx_kill_f2fs_super+0x10/0x10
[  170.009763][ T5829]  ? radix_tree_delete_item+0x2b6/0x400
[  170.009801][ T5829]  ? shrinker_free+0x2ce/0x3e0
[  170.009830][ T5829]  deactivate_locked_super+0xbc/0x130
[  170.009863][ T5829]  cleanup_mnt+0x425/0x4c0
[  170.009887][ T5829]  ? lockdep_hardirqs_on+0x9c/0x150
[  170.009921][ T5829]  task_work_run+0x1d1/0x260
[  170.009946][ T5829]  ? __pfx_task_work_run+0x10/0x10
[  170.009965][ T5829]  ? __x64_sys_umount+0x122/0x160
[  170.010001][ T5829]  ? exit_to_user_mode_loop+0x40/0x110
[  170.010030][ T5829]  exit_to_user_mode_loop+0xec/0x110
[  170.010055][ T5829]  do_syscall_64+0x2bd/0x3b0
[  170.010072][ T5829]  ? lockdep_hardirqs_on+0x9c/0x150
[  170.010101][ T5829]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.010121][ T5829]  ? clear_bhb_loop+0x60/0xb0
[  170.010146][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.010166][ T5829] RIP: 0033:0x7fc6b778fc57
[  170.010186][ T5829] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  170.010210][ T5829] RSP: 002b:00007ffc3298b928 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  170.010232][ T5829] RAX: 0000000000000000 RBX: 00007fc6b7810925 RCX: 00007fc6b778fc57
[  170.010246][ T5829] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc3298b9e0
[  170.010259][ T5829] RBP: 00007ffc3298b9e0 R08: 0000000000000000 R09: 0000000000000000
[  170.010271][ T5829] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc3298ca70
[  170.010285][ T5829] R13: 00007fc6b7810925 R14: 000000000002975b R15: 00007ffc3298cab0
[  170.010318][ T5829]  </TASK>
[  170.403647][ T7612] loop4: detected capacity change from 0 to 256
[  170.444389][ T5829] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  170.461399][ T7612] FAT-fs (loop4): IO charset cpush not found
[  170.477308][ T7612] smb3: Unexpected value for 'acl'
[  170.978847][ T7635] netlink: 'syz.0.537': attribute type 1 has an invalid length.
[  171.047542][ T7637] loop4: detected capacity change from 0 to 1024
[  171.302160][   T12] hfsplus: b-tree write err: -5, ino 4
[  171.687566][ T7647] loop4: detected capacity change from 0 to 128
[  171.739312][ T7647] EXT4-fs: Ignoring removed nomblk_io_submit option
[  171.788433][ T7647] EXT4-fs: Ignoring removed nomblk_io_submit option
[  171.820143][ T7647] EXT4-fs (loop4): Test dummy encryption mode enabled
[  171.877522][ T7647] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  171.935392][ T7632] loop3: detected capacity change from 0 to 32768
[  171.966840][ T7647] ext4 filesystem being mounted at mnt:[4026532808] supports timestamps until 2038-01-19 (0x7fffffff)
[  172.046836][ T7647] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  172.077596][ T7632] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  172.234713][ T7632] XFS (loop3): Ending clean mount
[  172.394488][ T5831] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  172.820998][ T7651] loop1: detected capacity change from 0 to 32768
[  172.866318][ T7651] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  172.974728][ T7651] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  172.984985][ T7650] loop0: detected capacity change from 0 to 32768
[  173.016743][ T7650] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.543 (7650)
[  173.066740][ T7650] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  173.093099][ T7650] BTRFS info (device loop0): using sha256 (sha256-x86_64) checksum algorithm
[  173.122808][ T7650] BTRFS info (device loop0): using free-space-tree
[  173.346189][ T7650] BTRFS info (device loop0): rebuilding free space tree
[  173.504010][ T5829] ocfs2: Unmounting device (7,1) on (node local)
[  173.832371][ T5830] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  174.007339][ T7711] IPVS: sync thread started: state = MASTER, mcast_ifn = bond_slave_0, syncid = 2, id = 0
[  174.037199][ T7712] netlink: 16 bytes leftover after parsing attributes in process `syz.1.561'.
[  174.607663][ T7679] loop3: detected capacity change from 0 to 32768
[  174.734375][ T7679] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  174.928842][ T7679] XFS (loop3): Ending clean mount
[  174.985349][ T7747] loop4: detected capacity change from 0 to 256
[  174.993380][ T7679] XFS (loop3): Quotacheck needed: Please wait.
[  175.023146][ T7747] exfat: Deprecated parameter 'utf8'
[  175.109393][ T7746] loop2: detected capacity change from 0 to 4096
[  175.128886][ T7679] XFS (loop3): Quotacheck: Done.
[  175.130279][ T7747] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  175.266158][ T7753] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  175.365356][ T7755] loop1: detected capacity change from 0 to 256
[  175.384109][ T5831] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  175.437650][ T7755] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  175.930170][ T7765] tipc: Enabling of bearer <dth:v> rejected, media not registered
[  176.149708][ T7776] loop3: detected capacity change from 0 to 128
[  176.238220][ T7781] loop2: detected capacity change from 0 to 2048
[  176.286788][ T7784] tracefs: Bad value for 'uid'
[  176.291811][ T7784] tracefs: Bad value for 'uid'
[  176.321172][ T7776] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  176.334207][ T7776] ext4 filesystem being mounted at /106/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  176.449575][ T5840]  loop2: p3 p4 < >
[  176.522068][ T7781]  loop2: p3 p4 < >
[  176.594298][ T5831] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  176.769546][ T7795] loop3: detected capacity change from 0 to 64
[  176.912783][ T6114] udevd[6114]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  176.922242][ T5840] udevd[5840]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  177.092195][ T5840] udevd[5840]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  177.094373][ T6008] udevd[6008]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  177.122958][ T7799] nfs: Unknown parameter 'smackfsdef'
[  177.477264][   T30] audit: type=1326 audit(1751316379.597:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7806 comm="syz.1.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6b778e929 code=0x7ffc0000
[  177.571964][   T30] audit: type=1326 audit(1751316379.647:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7806 comm="syz.1.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fc6b778e929 code=0x7ffc0000
[  177.593943][    C1] vkms_vblank_simulate: vblank timer overrun
[  177.601533][   T30] audit: type=1326 audit(1751316379.647:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7806 comm="syz.1.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6b778e929 code=0x7ffc0000
[  177.635959][ T7811] loop3: detected capacity change from 0 to 128
[  177.637782][ T7791] loop0: detected capacity change from 0 to 32768
[  177.653541][   T30] audit: type=1326 audit(1751316379.647:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7806 comm="syz.1.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6b778e929 code=0x7ffc0000
[  177.718288][ T7811] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  177.718390][   T30] audit: type=1326 audit(1751316379.647:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7806 comm="syz.1.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=77 compat=0 ip=0x7fc6b778e929 code=0x7ffc0000
[  177.756180][   T30] audit: type=1326 audit(1751316379.647:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7806 comm="syz.1.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6b778e929 code=0x7ffc0000
[  177.789938][   T43] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  177.805742][ T7791] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  177.808547][   T30] audit: type=1326 audit(1751316379.647:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7806 comm="syz.1.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6b778e929 code=0x7ffc0000
[  177.830251][ T7811] ext4 filesystem being mounted at /110/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  177.897291][ T7792] loop4: detected capacity change from 0 to 40427
[  177.966804][ T7792] F2FS-fs (loop4): invalid crc value
[  177.972142][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  177.972181][   T43] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  177.972225][   T43] usb 3-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice= 0.00
[  177.972249][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.017786][   T43] usb 3-1: config 0 descriptor??
[  178.039724][ T7809] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  178.086082][ T7791] XFS (loop0): Ending clean mount
[  178.098628][ T5831] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  178.105076][ T7791] XFS (loop0): Quotacheck needed: Please wait.
[  178.288374][ T7791] XFS (loop0): Quotacheck: Done.
[  178.425558][ T7792] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  178.485479][ T5830] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  178.495532][   T43] apple 0003:05AC:0264.000A: unbalanced delimiter at end of report description
[  178.545278][   T30] audit: type=1800 audit(1751316380.657:32): pid=7792 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.591" name="bus" dev="loop4" ino=10 res=0 errno=0
[  178.586146][   T43] apple 0003:05AC:0264.000A: parse failed
[  178.610609][   T43] apple 0003:05AC:0264.000A: probe with driver apple failed with error -22
[  178.687325][ T5843] syz-executor: attempt to access beyond end of device
[  178.687325][ T5843] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  178.715920][   T43] usb 3-1: USB disconnect, device number 5
[  178.746230][ T5843] CPU: 1 UID: 0 PID: 5843 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  178.746259][ T5843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  178.746271][ T5843] Call Trace:
[  178.746280][ T5843]  <TASK>
[  178.746289][ T5843]  dump_stack_lvl+0x189/0x250
[  178.746326][ T5843]  ? __pfx_dump_stack_lvl+0x10/0x10
[  178.746353][ T5843]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  178.746398][ T5843]  ? __pfx_queue_work_on+0x10/0x10
[  178.746440][ T5843]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  178.746469][ T5843]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  178.746499][ T5843]  ? f2fs_hw_is_readonly+0x39b/0x470
[  178.746532][ T5843]  f2fs_handle_critical_error+0x37c/0x540
[  178.746567][ T5843]  f2fs_write_end_io+0x495/0x810
[  178.746595][ T5843]  ? blkg_put+0x22/0x240
[  178.746641][ T5843]  __submit_merged_bio+0x27a/0x6a0
[  178.746678][ T5843]  __submit_merged_write_cond+0x255/0x530
[  178.746717][ T5843]  f2fs_write_data_pages+0x261d/0x3000
[  178.746792][ T5843]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  178.746838][ T5843]  ? arch_stack_walk+0xfc/0x150
[  178.746905][ T5843]  ? __mod_zone_page_state+0xd7/0x140
[  178.746951][ T5843]  ? folios_put_refs+0x560/0x640
[  178.746993][ T5843]  ? __lock_acquire+0xab9/0xd20
[  178.747042][ T5843]  ? do_raw_spin_lock+0x121/0x290
[  178.747078][ T5843]  ? do_raw_spin_unlock+0x122/0x240
[  178.747099][ T5843]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  178.747129][ T5843]  do_writepages+0x32e/0x550
[  178.747178][ T5843]  ? do_raw_spin_unlock+0x122/0x240
[  178.747205][ T5843]  filemap_fdatawrite+0x199/0x240
[  178.747236][ T5843]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  178.747327][ T5843]  ? do_raw_spin_unlock+0x122/0x240
[  178.747371][ T5843]  f2fs_sync_dirty_inodes+0x31f/0x830
[  178.747430][ T5843]  f2fs_write_checkpoint+0x95a/0x1df0
[  178.747492][ T5843]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  178.747574][ T5843]  ? try_to_wake_up+0x7e5/0x1290
[  178.747604][ T5843]  ? kill_f2fs_super+0x298/0x6c0
[  178.747644][ T5843]  kill_f2fs_super+0x2c3/0x6c0
[  178.747685][ T5843]  ? __pfx_kill_f2fs_super+0x10/0x10
[  178.747713][ T5843]  ? radix_tree_delete_item+0x2b6/0x400
[  178.747754][ T5843]  ? shrinker_free+0x2ce/0x3e0
[  178.747783][ T5843]  deactivate_locked_super+0xbc/0x130
[  178.747815][ T5843]  cleanup_mnt+0x425/0x4c0
[  178.747842][ T5843]  ? lockdep_hardirqs_on+0x9c/0x150
[  178.747879][ T5843]  task_work_run+0x1d1/0x260
[  178.747907][ T5843]  ? __pfx_task_work_run+0x10/0x10
[  178.747927][ T5843]  ? __x64_sys_umount+0x122/0x160
[  178.747966][ T5843]  ? exit_to_user_mode_loop+0x40/0x110
[  178.747997][ T5843]  exit_to_user_mode_loop+0xec/0x110
[  178.748024][ T5843]  do_syscall_64+0x2bd/0x3b0
[  178.748043][ T5843]  ? lockdep_hardirqs_on+0x9c/0x150
[  178.748074][ T5843]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.748096][ T5843]  ? clear_bhb_loop+0x60/0xb0
[  178.748123][ T5843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.748143][ T5843] RIP: 0033:0x7fb78e58fc57
[  178.748164][ T5843] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  178.748182][ T5843] RSP: 002b:00007ffcbd2a2d98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  178.748206][ T5843] RAX: 0000000000000000 RBX: 00007fb78e610925 RCX: 00007fb78e58fc57
[  178.748220][ T5843] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcbd2a2e50
[  178.748233][ T5843] RBP: 00007ffcbd2a2e50 R08: 0000000000000000 R09: 0000000000000000
[  178.748245][ T5843] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcbd2a3ee0
[  178.748259][ T5843] R13: 00007fb78e610925 R14: 000000000002b976 R15: 00007ffcbd2a3f20
[  178.748295][ T5843]  </TASK>
[  178.748305][ T5843] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  179.145674][ T7836] loop0: detected capacity change from 0 to 256
[  179.290772][ T7829] loop3: detected capacity change from 0 to 32768
[  179.724716][ T7844] loop0: detected capacity change from 0 to 256
[  179.804699][ T7844] exfat: Deprecated parameter 'namecase'
[  179.877512][ T7844] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  180.151220][   T43] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  180.196168][ T7854] loop2: detected capacity change from 0 to 128
[  180.275707][   T30] audit: type=1800 audit(1751316382.397:33): pid=7854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.617" name="file1" dev="loop2" ino=1048666 res=0 errno=0
[  180.296422][    C1] vkms_vblank_simulate: vblank timer overrun
[  180.344291][   T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  180.375911][   T43] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  180.389554][ T7854] syz.2.617: attempt to access beyond end of device
[  180.389554][ T7854] loop2: rw=2049, sector=140, nr_sectors = 8 limit=128
[  180.408401][   T43] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  180.444467][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.458456][ T7854] syz.2.617: attempt to access beyond end of device
[  180.458456][ T7854] loop2: rw=2049, sector=156, nr_sectors = 1 limit=128
[  180.471055][ T7862] netlink: 'syz.0.620': attribute type 11 has an invalid length.
[  180.490942][   T43] usb 2-1: config 0 descriptor??
[  180.495823][ T7854] Buffer I/O error on dev loop2, logical block 156, lost async page write
[  180.506150][   T43] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  180.511435][ T7854] syz.2.617: attempt to access beyond end of device
[  180.511435][ T7854] loop2: rw=2049, sector=157, nr_sectors = 1 limit=128
[  180.525917][   T43] dvb-usb: bulk message failed: -22 (3/0)
[  180.532315][ T7854] Buffer I/O error on dev loop2, logical block 157, lost async page write
[  180.553096][   T43] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  180.580282][ T7854] syz.2.617: attempt to access beyond end of device
[  180.580282][ T7854] loop2: rw=2049, sector=158, nr_sectors = 1 limit=128
[  180.596039][   T43] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  180.606761][   T43] usb 2-1: media controller created
[  180.633433][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  180.673451][ T7854] Buffer I/O error on dev loop2, logical block 158, lost async page write
[  180.686486][   T43] dvb-usb: bulk message failed: -22 (6/0)
[  180.700900][ T7854] syz.2.617: attempt to access beyond end of device
[  180.700900][ T7854] loop2: rw=2049, sector=159, nr_sectors = 1 limit=128
[  180.721712][   T43] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  180.730786][ T7850] dvb-usb: bulk message failed: -22 (25/0)
[  180.768729][   T43] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input9
[  180.795638][ T7854] Buffer I/O error on dev loop2, logical block 159, lost async page write
[  180.807218][   T43] dvb-usb: schedule remote query interval to 150 msecs.
[  180.814499][   T43] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  180.829385][   T43] usb 2-1: USB disconnect, device number 7
[  180.855790][ T7854] syz.2.617: attempt to access beyond end of device
[  180.855790][ T7854] loop2: rw=2049, sector=160, nr_sectors = 1 limit=128
[  180.896600][ T7854] Buffer I/O error on dev loop2, logical block 160, lost async page write
[  180.930133][ T7854] syz.2.617: attempt to access beyond end of device
[  180.930133][ T7854] loop2: rw=2049, sector=161, nr_sectors = 1 limit=128
[  180.936758][ T7870] loop0: detected capacity change from 0 to 2048
[  180.972784][ T7854] Buffer I/O error on dev loop2, logical block 161, lost async page write
[  180.999463][ T7874] netlink: 32 bytes leftover after parsing attributes in process `syz.4.625'.
[  181.000229][   T43] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  181.030801][ T7873] netlink: 8 bytes leftover after parsing attributes in process `syz.3.626'.
[  181.040517][ T7854] syz.2.617: attempt to access beyond end of device
[  181.040517][ T7854] loop2: rw=2049, sector=132, nr_sectors = 1 limit=128
[  181.065060][ T7854] Buffer I/O error on dev loop2, logical block 132, lost async page write
[  181.074210][ T7875] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  181.081989][ T7873] IPVS: Error joining to the multicast group
[  181.093212][ T7854] syz.2.617: attempt to access beyond end of device
[  181.093212][ T7854] loop2: rw=2049, sector=133, nr_sectors = 1 limit=128
[  181.111740][ T7854] Buffer I/O error on dev loop2, logical block 133, lost async page write
[  181.121397][ T7854] Buffer I/O error on dev loop2, logical block 150, lost async page write
[  181.131770][ T7854] Buffer I/O error on dev loop2, logical block 151, lost async page write
[  181.543563][ T7885] loop1: detected capacity change from 0 to 1024
[  181.768721][ T7887] loop4: detected capacity change from 0 to 4096
[  181.840403][ T7887] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  181.854021][ T7892] loop2: detected capacity change from 0 to 4096
[  181.892774][ T7887] ntfs3(loop4): Failed to load $Extend (-22).
[  181.934171][ T7887] ntfs3(loop4): Failed to initialize $Extend.
[  182.465874][ T7911] mkiss: ax0: crc mode is auto.
[  182.494273][ T7913] netlink: 16 bytes leftover after parsing attributes in process `syz.0.645'.
[  182.530628][    T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  182.546913][ T7913] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  182.711796][    T9] usb 5-1: Using ep0 maxpacket: 8
[  182.762219][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  182.791297][    T9] usb 5-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00
[  182.826050][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.837348][    T9] usb 5-1: config 0 descriptor??
[  183.003149][ T7929] loop0: detected capacity change from 0 to 512
[  183.057568][ T7929] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  183.151025][ T7929] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  183.174914][ T7929] EXT4-fs (loop0): 1 truncate cleaned up
[  183.185275][ T7929] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  183.263283][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.300693][    T9] cypress 0003:04B4:0001.000B: hidraw0: USB HID v0.00 Device [HID 04b4:0001] on usb-dummy_hcd.4-1/input0
[  183.512381][    T9] usb 5-1: USB disconnect, device number 5
[  183.766264][ T7950] loop1: detected capacity change from 0 to 512
[  183.796571][ T7950] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  183.826569][ T7950] EXT4-fs (loop1): 1 truncate cleaned up
[  183.886097][ T7950] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  183.952099][ T7937] loop3: detected capacity change from 0 to 32768
[  184.027636][ T7937] JBD2: Ignoring recovery information on journal
[  184.094182][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.210582][ T7937] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  184.312215][ T7964] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in;
[  184.312215][ T7964]    program syz.4.666 not setting count and/or reply_len properly
[  184.543403][ T5831] ocfs2: Unmounting device (7,3) on (node local)
[  184.991872][ T7959] loop0: detected capacity change from 0 to 40427
[  185.045760][ T7959] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  185.064229][ T7959] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  185.146249][ T7959] F2FS-fs (loop0): invalid crc value
[  185.159606][    T9] kernel write not supported for file /vcs1 (pid: 9 comm: kworker/0:0)
[  185.358127][ T5952] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  185.513601][ T7959] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  185.537944][ T7959] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  185.541074][ T7966] loop1: detected capacity change from 0 to 40427
[  185.558452][ T5952] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  185.579569][ T5952] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.592188][ T7966] F2FS-fs (loop1): build fault injection rate: 690
[  185.613080][ T5952] usb 3-1: config 0 descriptor??
[  185.626511][ T5952] cp210x 3-1:0.0: cp210x converter detected
[  185.642902][ T7966] F2FS-fs (loop1): invalid crc value
[  186.004071][ T7966] F2FS-fs (loop1): Start checkpoint disabled!
[  186.052224][ T7966] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  186.070790][ T5952] usb 3-1: cp210x converter now attached to ttyUSB0
[  186.197980][   T12] bio_check_eod: 10 callbacks suppressed
[  186.198000][   T12] kworker/u8:0: attempt to access beyond end of device
[  186.198000][   T12] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  186.223243][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  186.223290][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  186.223310][   T12] Workqueue: writeback wb_workfn (flush-7:1)
[  186.223346][   T12] Call Trace:
[  186.223354][   T12]  <TASK>
[  186.223363][   T12]  dump_stack_lvl+0x189/0x250
[  186.223401][   T12]  ? __pfx_dump_stack_lvl+0x10/0x10
[  186.223429][   T12]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  186.223458][   T12]  ? __pfx_queue_work_on+0x10/0x10
[  186.223488][   T12]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  186.223517][   T12]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  186.223558][   T12]  ? f2fs_hw_is_readonly+0x39b/0x470
[  186.223591][   T12]  f2fs_handle_critical_error+0x37c/0x540
[  186.223626][   T12]  f2fs_write_end_io+0x495/0x810
[  186.223654][   T12]  ? blkg_put+0x22/0x240
[  186.223696][   T12]  __submit_merged_bio+0x27a/0x6a0
[  186.223728][   T12]  __submit_merged_write_cond+0x255/0x530
[  186.223762][   T12]  f2fs_write_data_pages+0x261d/0x3000
[  186.223826][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  186.223870][   T12]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  186.223940][   T12]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  186.223980][   T12]  ? trace_f2fs_writepages+0x7f/0x200
[  186.224007][   T12]  ? f2fs_write_node_pages+0x478/0x6e0
[  186.224043][   T12]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  186.224084][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  186.224112][   T12]  do_writepages+0x32e/0x550
[  186.224147][   T12]  ? reacquire_held_locks+0x127/0x1d0
[  186.224175][   T12]  ? writeback_sb_inodes+0x384/0x1010
[  186.224215][   T12]  __writeback_single_inode+0x145/0xff0
[  186.224244][   T12]  ? do_raw_spin_unlock+0x122/0x240
[  186.224270][   T12]  writeback_sb_inodes+0x6c7/0x1010
[  186.224330][   T12]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  186.224407][   T12]  ? rcu_is_watching+0x15/0xb0
[  186.224447][   T12]  wb_writeback+0x43b/0xaf0
[  186.224487][   T12]  ? queue_io+0x3d1/0x590
[  186.224520][   T12]  ? __pfx_wb_writeback+0x10/0x10
[  186.224566][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  186.224601][   T12]  wb_workfn+0x409/0xef0
[  186.224644][   T12]  ? __pfx_wb_workfn+0x10/0x10
[  186.224675][   T12]  ? __lock_acquire+0xab9/0xd20
[  186.224713][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  186.224747][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  186.224774][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  186.224801][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  186.224830][   T12]  process_scheduled_works+0xae1/0x17b0
[  186.224890][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[  186.224939][   T12]  worker_thread+0x8a0/0xda0
[  186.225009][   T12]  kthread+0x70e/0x8a0
[  186.225033][   T12]  ? __pfx_worker_thread+0x10/0x10
[  186.225059][   T12]  ? __pfx_kthread+0x10/0x10
[  186.225081][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  186.225108][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[  186.225136][   T12]  ? __pfx_kthread+0x10/0x10
[  186.225156][   T12]  ret_from_fork+0x3fc/0x770
[  186.225186][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  186.225220][   T12]  ? __switch_to_asm+0x39/0x70
[  186.225239][   T12]  ? __switch_to_asm+0x33/0x70
[  186.225257][   T12]  ? __pfx_kthread+0x10/0x10
[  186.225278][   T12]  ret_from_fork_asm+0x1a/0x30
[  186.225317][   T12]  </TASK>
[  186.225660][   T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  186.296768][   T24] usb 3-1: USB disconnect, device number 6
[  186.789188][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  186.944458][   T24] cp210x 3-1:0.0: device disconnected
[  186.946641][ T7996] loop3: detected capacity change from 0 to 32768
[  187.010020][ T7996] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.678 (7996)
[  187.085573][ T7996] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  187.120821][ T7996] BTRFS info (device loop3): using sha256 (sha256-x86_64) checksum algorithm
[  187.129697][ T7996] BTRFS info (device loop3): using free-space-tree
[  187.219120][ T8020] loop0: detected capacity change from 0 to 22
[  187.226660][ T8020] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  187.237087][ T8020] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  187.526910][ T7996] BTRFS info (device loop3): rebuilding free space tree
[  187.740731][ T5952] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  187.900793][ T5952] usb 2-1: Using ep0 maxpacket: 8
[  187.915132][ T5952] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  187.950395][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.958445][ T5952] usb 2-1: Product: syz
[  187.969601][ T5831] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  187.990046][ T5952] usb 2-1: Manufacturer: syz
[  187.995860][ T5952] usb 2-1: SerialNumber: syz
[  188.008342][ T5952] usb 2-1: config 0 descriptor??
[  188.041162][ T5952] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  188.067500][ T5952] usb 2-1: setting power ON
[  188.105452][ T5952] dvb-usb: bulk message failed: -22 (2/0)
[  188.166723][ T5952] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  188.198477][ T5952] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  188.248933][ T5952] usb 2-1: media controller created
[  188.273720][ T8040] dvb-usb: bulk message failed: -22 (3/0)
[  188.295500][ T8040] cxusb: i2c wr: len=80 is too big!
[  188.295500][ T8040] 
[  188.354154][ T5952] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  188.416103][ T5952] usb 2-1: selecting invalid altsetting 6
[  188.423231][ T5952] usb 2-1: digital interface selection failed (-22)
[  188.444626][ T5952] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  188.454850][ T5952] usb 2-1: setting power OFF
[  188.472888][ T5952] dvb-usb: bulk message failed: -22 (2/0)
[  188.478975][ T5952] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  188.494604][ T5952] (NULL device *): no alternate interface
[  188.663940][ T5952] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  188.713040][ T5952] usb 2-1: USB disconnect, device number 8
[  188.867255][ T8073] loop2: detected capacity change from 0 to 512
[  188.964165][ T8073] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  189.074497][ T8073] ext4 filesystem being mounted at /158/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  189.182217][ T8086] netlink: 8 bytes leftover after parsing attributes in process `syz.3.709'.
[  189.218215][ T8073] Quota error (device loop2): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8
[  189.265313][ T8086] netlink: 12 bytes leftover after parsing attributes in process `syz.3.709'.
[  189.275679][ T8073] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  189.294818][ T8073] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.705: Failed to acquire dquot type 0
[  189.392255][ T5833] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  189.843518][ T8107] loop1: detected capacity change from 0 to 1764
[  190.003050][ T8111] loop3: detected capacity change from 0 to 512
[  190.025443][ T8111] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  190.070560][ T8111] EXT4-fs (loop3): 1 truncate cleaned up
[  190.077974][ T8111] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  190.369628][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.603499][ T8129] loop4: detected capacity change from 0 to 64
[  190.784270][ T8099] loop2: detected capacity change from 0 to 32768
[  190.875179][ T8099] XFS (loop2): DAX unsupported by block device. Turning off DAX.
[  190.931508][ T8099] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  191.139529][ T8119] loop1: detected capacity change from 0 to 32768
[  191.194207][ T8099] XFS (loop2): Ending clean mount
[  191.244350][ T8099] XFS (loop2): Quotacheck needed: Please wait.
[  191.441343][ T2965] XFS (loop2): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_cntbt block 0x10 
[  191.446077][ T8119] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  191.468112][ T8119]   allowing incompatible features above 0.0: (unknown version)
[  191.480174][ T8119]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  191.495014][ T8119] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  191.503285][ T8119] bcachefs (loop1): initializing new filesystem
[  191.518945][ T8119] bcachefs (loop1): going read-write
[  191.529160][ T2965] XFS (loop2): Unmount and run xfs_repair
[  191.535016][ T2965] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  191.542601][ T2965] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff  AB3C............
[  191.552159][ T2965] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10  ................
[  191.561641][ T2965] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  191.572406][ T2965] 00000030: 00 00 00 00 20 bb 84 11 00 00 04 4e 00 00 00 02  .... ......N....
[  191.585713][ T2965] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00  ...`............
[  191.600140][ T8119] bcachefs (loop1): marking superblocks
[  191.619938][ T2965] 00000050: 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00  ................
[  191.657873][ T2965] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  191.677770][ T8119] bcachefs (loop1): initializing freespace
[  191.700462][ T2965] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  191.747806][ T8119] bcachefs (loop1): done initializing freespace
[  191.770433][ T2965] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x10 len 8 error 74
[  191.793183][ T8119] bcachefs (loop1): reading snapshots table
[  191.800231][ T8119] bcachefs (loop1): reading snapshots done
[  191.884079][ T8099] XFS (loop2): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[  192.002666][ T8119] bcachefs (loop1): done starting filesystem
[  192.136320][ T5833] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  192.180206][ T5833] XFS (loop2): Uncorrected metadata errors detected; please run xfs_repair.
[  192.609675][ T8164] loop4: detected capacity change from 0 to 32768
[  192.628038][ T5829] bcachefs (loop1): shutting down
[  192.640974][ T5829] bcachefs (loop1): going read-only
[  192.646246][ T5829] bcachefs (loop1): finished waiting for writes to stop
[  192.707940][ T8164] 
[  192.707940][ T8164]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  192.707940][ T8164] 
[  192.747260][ T5829] bcachefs (loop1): flushing journal and stopping allocators, journal seq 3
[  192.799748][ T8164] ERROR: (device loop4): diWrite: ixpxd invalid
[  192.799748][ T8164] 
[  192.834308][ T8164] ERROR: (device loop4): txCommit: 
[  192.834308][ T8164] 
[  192.845107][ T8190] loop3: detected capacity change from 0 to 1024
[  192.865439][ T8192] jfs_create: dtSearch returned -17
[  192.938953][ T5829] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3
[  192.964524][ T5829] bcachefs (loop1): clean shutdown complete, journal seq 4
[  193.070820][ T5829] bcachefs (loop1): marking filesystem clean
[  193.109627][ T5843] 
[  193.109627][ T5843]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  193.109627][ T5843] 
[  193.133161][ T5843] 
[  193.133161][ T5843]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  193.133161][ T5843] 
[  193.282048][ T5829] bcachefs (loop1): shutdown complete
[  193.358673][ T8203] loop3: detected capacity change from 0 to 1024
[  193.428154][ T8203] EXT4-fs: Ignoring removed oldalloc option
[  193.477535][ T8203] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  193.564233][ T8203] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  194.052879][ T8200] loop2: detected capacity change from 0 to 32768
[  194.087392][ T8200] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  194.154970][ T8200] XFS (loop2): Ending clean mount
[  194.282968][ T5833] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  194.404131][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  194.410635][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  194.636876][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.647116][ T8210] loop4: detected capacity change from 0 to 131072
[  194.655445][ T8210] F2FS-fs (loop4): Segment count (31) mismatch with total segments from devices (0)
[  194.664995][ T8210] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  194.729285][ T8210] F2FS-fs (loop4): invalid crc value
[  194.826112][ T8210] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  194.833399][ T8210] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  194.964184][ T8226] loop3: detected capacity change from 0 to 256
[  195.106172][ T8226] FAT-fs (loop3): Directory bread(block 64) failed
[  195.140298][ T8226] FAT-fs (loop3): Directory bread(block 65) failed
[  195.149194][ T8226] FAT-fs (loop3): Directory bread(block 66) failed
[  195.173311][ T8226] FAT-fs (loop3): Directory bread(block 67) failed
[  195.186585][ T8226] FAT-fs (loop3): Directory bread(block 68) failed
[  195.193669][ T8226] FAT-fs (loop3): Directory bread(block 69) failed
[  195.201311][ T8226] FAT-fs (loop3): Directory bread(block 70) failed
[  195.207887][ T8226] FAT-fs (loop3): Directory bread(block 71) failed
[  195.215121][ T8226] FAT-fs (loop3): Directory bread(block 72) failed
[  195.224589][ T8226] FAT-fs (loop3): Directory bread(block 73) failed
[  195.796980][ T8239] loop2: detected capacity change from 0 to 1024
[  195.948984][ T2965] hfsplus: b-tree write err: -5, ino 4
[  196.082509][ T8245] loop2: detected capacity change from 0 to 256
[  196.169984][ T8245] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  196.400112][ T8249] loop4: detected capacity change from 0 to 512
[  196.407439][ T8249] EXT4-fs: Ignoring removed nobh option
[  196.517605][ T8249] fscrypt (loop4, inode 2): Error -61 getting encryption context
[  196.526265][ T8249] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -61
[  196.534841][ T8249] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #13: comm syz.4.760: casefold flag without casefold feature
[  196.559005][ T8249] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.760: couldn't read orphan inode 13 (err -117)
[  196.610325][ T8249] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  196.721004][ T5843] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.893129][ T8261] loop1: detected capacity change from 0 to 256
[  196.948808][ T8261] exFAT-fs (loop1): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d)
[  196.971476][ T8243] loop0: detected capacity change from 0 to 32768
[  197.114087][ T8243] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  197.223527][ T8277] netlink: 4 bytes leftover after parsing attributes in process `syz.4.768'.
[  197.247556][ T8243] XFS (loop0): Ending clean mount
[  197.307274][ T8243] XFS (loop0): Quotacheck needed: Please wait.
[  197.378100][ T8243] XFS (loop0): Quotacheck: Done.
[  197.592406][ T5830] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  197.931489][ T8297] loop1: detected capacity change from 0 to 1024
[  198.082853][ T8297] hfsplus: inconsistency in B*Tree (1,0,1,0,2)
[  198.378549][ T8313] loop1: detected capacity change from 0 to 256
[  198.487469][ T8313] FAT-fs (loop1): Directory bread(block 64) failed
[  198.487512][ T8313] FAT-fs (loop1): Directory bread(block 65) failed
[  198.487600][ T8313] FAT-fs (loop1): Directory bread(block 66) failed
[  198.487629][ T8313] FAT-fs (loop1): Directory bread(block 67) failed
[  198.487715][ T8313] FAT-fs (loop1): Directory bread(block 68) failed
[  198.487743][ T8313] FAT-fs (loop1): Directory bread(block 69) failed
[  198.487828][ T8313] FAT-fs (loop1): Directory bread(block 70) failed
[  198.487854][ T8313] FAT-fs (loop1): Directory bread(block 71) failed
[  198.487941][ T8313] FAT-fs (loop1): Directory bread(block 72) failed
[  198.487967][ T8313] FAT-fs (loop1): Directory bread(block 73) failed
[  198.722739][ T8284] loop2: detected capacity change from 0 to 32768
[  198.723441][ T8318] loop0: detected capacity change from 0 to 2048
[  198.781272][ T8318] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  198.807122][ T8321] loop3: detected capacity change from 0 to 1024
[  198.833743][ T8284] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  198.929133][ T8321] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  198.980517][ T8334] loop1: detected capacity change from 0 to 2048
[  199.026179][ T8334] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  199.027019][ T8284] XFS (loop2): Ending clean mount
[  199.286624][ T5833] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  199.293293][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.038686][ T8392] loop3: detected capacity change from 0 to 1024
[  201.065779][   T24] hid-generic 0000:0003:0000.000C: unknown main item tag 0x0
[  201.081658][ T8392] EXT4-fs: Ignoring removed nobh option
[  201.087393][   T24] hid-generic 0000:0003:0000.000C: unknown main item tag 0x0
[  201.105936][ T8392] EXT4-fs: Ignoring removed bh option
[  201.126394][   T24] hid-generic 0000:0003:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  201.170418][ T8367] loop2: detected capacity change from 0 to 32768
[  201.228400][ T8392] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  201.260096][ T8367] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  201.482233][ T8390] loop0: detected capacity change from 0 to 32768
[  201.539810][ T8390] 
[  201.539810][ T8390]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  201.539810][ T8390] 
[  201.560367][ T8367] XFS (loop2): Ending clean mount
[  201.578308][ T8399] fido_id[8399]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  201.611165][ T8390] ERROR: (device loop0): diWrite: ixpxd invalid
[  201.611165][ T8390] 
[  201.621875][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.653526][ T8367] XFS (loop2): Quotacheck needed: Please wait.
[  201.669400][ T8390] ERROR: (device loop0): txCommit: 
[  201.669400][ T8390] 
[  201.784405][ T8412] jfs_create: dtSearch returned -17
[  201.819548][ T8367] XFS (loop2): Quotacheck: Done.
[  201.976373][ T5830] 
[  201.976373][ T5830]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  201.976373][ T5830] 
[  201.981632][ T8418] bridge0: entered promiscuous mode
[  202.018711][ T5830] 
[  202.018711][ T5830]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  202.018711][ T5830] 
[  202.048159][ T8418] macvlan2: entered promiscuous mode
[  202.097458][ T5833] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  202.877305][ T8436] loop2: detected capacity change from 0 to 2048
[  202.930724][ T8436] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  203.006158][ T8411] loop1: detected capacity change from 0 to 40427
[  203.098668][ T8446] loop3: detected capacity change from 0 to 256
[  203.117272][ T8411] F2FS-fs (loop1): invalid crc value
[  203.275685][ T8446] FAT-fs (loop3): Directory bread(block 64) failed
[  203.292819][ T8446] FAT-fs (loop3): Directory bread(block 65) failed
[  203.299487][ T8446] FAT-fs (loop3): Directory bread(block 66) failed
[  203.365777][ T8446] FAT-fs (loop3): Directory bread(block 67) failed
[  203.377297][ T8454] loop2: detected capacity change from 0 to 1024
[  203.401378][ T8446] FAT-fs (loop3): Directory bread(block 68) failed
[  203.407963][ T8446] FAT-fs (loop3): Directory bread(block 69) failed
[  203.417040][ T8446] FAT-fs (loop3): Directory bread(block 70) failed
[  203.423818][ T8446] FAT-fs (loop3): Directory bread(block 71) failed
[  203.430600][ T8446] FAT-fs (loop3): Directory bread(block 72) failed
[  203.437211][ T8446] FAT-fs (loop3): Directory bread(block 73) failed
[  203.478786][ T8454] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  203.540338][ T8411] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  203.667651][   T30] audit: type=1800 audit(1751316405.787:34): pid=8411 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.807" name="bus" dev="loop1" ino=10 res=0 errno=0
[  203.788485][ T5829] syz-executor: attempt to access beyond end of device
[  203.788485][ T5829] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  203.868273][ T5829] CPU: 1 UID: 0 PID: 5829 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  203.868304][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  203.868319][ T5829] Call Trace:
[  203.868327][ T5829]  <TASK>
[  203.868337][ T5829]  dump_stack_lvl+0x189/0x250
[  203.868378][ T5829]  ? __pfx_dump_stack_lvl+0x10/0x10
[  203.868408][ T5829]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  203.868437][ T5829]  ? __pfx_queue_work_on+0x10/0x10
[  203.868468][ T5829]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  203.868497][ T5829]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  203.868527][ T5829]  ? f2fs_hw_is_readonly+0x39b/0x470
[  203.868559][ T5829]  f2fs_handle_critical_error+0x37c/0x540
[  203.868592][ T5829]  f2fs_write_end_io+0x495/0x810
[  203.868621][ T5829]  ? blkg_put+0x22/0x240
[  203.868663][ T5829]  __submit_merged_bio+0x27a/0x6a0
[  203.868696][ T5829]  __submit_merged_write_cond+0x255/0x530
[  203.868730][ T5829]  f2fs_write_data_pages+0x261d/0x3000
[  203.868796][ T5829]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  203.868872][ T5829]  ? __mod_zone_page_state+0xd7/0x140
[  203.868914][ T5829]  ? folios_put_refs+0x560/0x640
[  203.868963][ T5829]  ? __lock_acquire+0xab9/0xd20
[  203.868999][ T5829]  ? do_raw_spin_lock+0x121/0x290
[  203.869033][ T5829]  ? do_raw_spin_unlock+0x122/0x240
[  203.869054][ T5829]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  203.869084][ T5829]  do_writepages+0x32e/0x550
[  203.869139][ T5829]  ? do_raw_spin_unlock+0x122/0x240
[  203.869164][ T5829]  filemap_fdatawrite+0x199/0x240
[  203.869194][ T5829]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  203.869273][ T5829]  ? do_raw_spin_unlock+0x122/0x240
[  203.869298][ T5829]  f2fs_sync_dirty_inodes+0x31f/0x830
[  203.869345][ T5829]  f2fs_write_checkpoint+0x95a/0x1df0
[  203.869419][ T5829]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  203.869491][ T5829]  ? try_to_wake_up+0x7e5/0x1290
[  203.869520][ T5829]  ? kill_f2fs_super+0x298/0x6c0
[  203.869557][ T5829]  kill_f2fs_super+0x2c3/0x6c0
[  203.869595][ T5829]  ? __pfx_kill_f2fs_super+0x10/0x10
[  203.869624][ T5829]  ? radix_tree_delete_item+0x2b6/0x400
[  203.869662][ T5829]  ? shrinker_free+0x2ce/0x3e0
[  203.869691][ T5829]  deactivate_locked_super+0xbc/0x130
[  203.869720][ T5829]  cleanup_mnt+0x425/0x4c0
[  203.869746][ T5829]  ? lockdep_hardirqs_on+0x9c/0x150
[  203.869781][ T5829]  task_work_run+0x1d1/0x260
[  203.869808][ T5829]  ? __pfx_task_work_run+0x10/0x10
[  203.869827][ T5829]  ? __x64_sys_umount+0x122/0x160
[  203.869863][ T5829]  ? exit_to_user_mode_loop+0x40/0x110
[  203.869897][ T5829]  exit_to_user_mode_loop+0xec/0x110
[  203.869923][ T5829]  do_syscall_64+0x2bd/0x3b0
[  203.869940][ T5829]  ? lockdep_hardirqs_on+0x9c/0x150
[  203.869978][ T5829]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.869999][ T5829]  ? clear_bhb_loop+0x60/0xb0
[  203.870024][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.870045][ T5829] RIP: 0033:0x7fc6b778fc57
[  203.870064][ T5829] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  203.870090][ T5829] RSP: 002b:00007ffc3298b928 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  203.870112][ T5829] RAX: 0000000000000000 RBX: 00007fc6b7810925 RCX: 00007fc6b778fc57
[  203.870127][ T5829] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc3298b9e0
[  203.870139][ T5829] RBP: 00007ffc3298b9e0 R08: 0000000000000000 R09: 0000000000000000
[  203.870152][ T5829] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc3298ca70
[  203.870165][ T5829] R13: 00007fc6b7810925 R14: 0000000000031b80 R15: 00007ffc3298cab0
[  203.870204][ T5829]  </TASK>
[  204.269563][ T5829] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  204.690161][   T30] audit: type=1326 audit(1751316406.807:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8482 comm="syz.2.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f885e38e929 code=0x7ffc0000
[  204.783781][   T30] audit: type=1326 audit(1751316406.807:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8482 comm="syz.2.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f885e38e929 code=0x7ffc0000
[  204.850772][   T30] audit: type=1326 audit(1751316406.857:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8482 comm="syz.2.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f885e38e929 code=0x7ffc0000
[  204.956028][   T30] audit: type=1326 audit(1751316406.857:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8482 comm="syz.2.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f885e38e929 code=0x7ffc0000
[  205.025196][   T30] audit: type=1326 audit(1751316406.857:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8482 comm="syz.2.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f885e38e929 code=0x7ffc0000
[  205.047823][   T30] audit: type=1326 audit(1751316406.857:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8482 comm="syz.2.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=91 compat=0 ip=0x7f885e38e929 code=0x7ffc0000
[  205.111179][   T30] audit: type=1326 audit(1751316406.857:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8482 comm="syz.2.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f885e38e929 code=0x7ffc0000
[  205.168623][   T30] audit: type=1326 audit(1751316406.857:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8482 comm="syz.2.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f885e38e929 code=0x7ffc0000
[  205.311151][ T8496] loop0: detected capacity change from 0 to 2048
[  205.373183][ T8471] loop3: detected capacity change from 0 to 32768
[  205.376111][ T8496] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  205.465796][ T8496] NILFS error (device loop0): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  205.468682][ T8501] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  205.541275][ T8496] Remounting filesystem read-only
[  205.585035][ T8504] loop4: detected capacity change from 0 to 128
[  205.601316][ T8504] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  205.692842][ T8504] FAT-fs (loop4): bogus number of FAT sectors
[  205.698979][ T8504] FAT-fs (loop4): Can't find a valid FAT filesystem
[  205.769422][ T8504] nfs4: Unexpected value for 'tcp'
[  205.807092][ T8471] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  205.807118][ T8471]   allowing incompatible features above 0.0: (unknown version)
[  205.807132][ T8471]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  205.981995][ T8471] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  206.037843][ T8471] bcachefs (loop3): initializing new filesystem
[  206.109698][ T8471] bcachefs (loop3): going read-write
[  206.194847][ T8528] loop2: detected capacity change from 0 to 512
[  206.200060][ T8471] bcachefs (loop3): marking superblocks
[  206.286567][ T8471] bcachefs (loop3): initializing freespace
[  206.304428][ T8528] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  206.341192][ T8471] bcachefs (loop3): done initializing freespace
[  206.362969][ T8528] ext4 filesystem being mounted at /185/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  206.375968][ T8540] netlink: 'syz.1.856': attribute type 4 has an invalid length.
[  206.419143][ T8471] bcachefs (loop3): reading snapshots table
[  206.420344][ T8540] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.856'.
[  206.433456][ T8471] bcachefs (loop3): reading snapshots done
[  206.550134][ T8471] bcachefs (loop3):  loop3: Superblock write was silently dropped! (seq 0 expected 42)
[  206.604435][ T8471] bcachefs (loop3): done starting filesystem
[  206.642036][ T5833] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  206.846423][ T8471] syz.3.837 (8471) used greatest stack depth: 17544 bytes left
[  207.013243][ T5831] bcachefs (loop3): shutting down
[  207.018353][ T5831] bcachefs (loop3): going read-only
[  207.096708][ T5831] bcachefs (loop3): finished waiting for writes to stop
[  207.240555][ T5831] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3
[  207.393668][ T5831] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[  207.429512][ T5831] bcachefs (loop3): clean shutdown complete, journal seq 4
[  207.445084][ T5831] bcachefs (loop3): marking filesystem clean
[  207.583038][ T5831] bcachefs (loop3): shutdown complete
[  208.036287][ T8589] netdevsim netdevsim0: Firmware load for '/../file0' refused, path contains '..' component
[  208.264896][ T8567] loop4: detected capacity change from 0 to 32768
[  208.278494][ T8567] XFS (loop4): Cannot mount filesystem with identical rtdev and ddev/logdev.
[  208.586467][ T8574] loop1: detected capacity change from 0 to 32768
[  208.667284][ T8574] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  208.797022][ T8574] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  208.902035][ T8605] loop4: detected capacity change from 0 to 8
[  208.919814][ T8604] loop2: detected capacity change from 0 to 1024
[  208.969833][ T8604] EXT4-fs: inline encryption not supported
[  208.988979][ T8604] EXT4-fs: Ignoring removed i_version option
[  209.024765][ T8604] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  209.029578][ T5829] ocfs2: Unmounting device (7,1) on (node local)
[  209.168431][ T8604] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 2: comm syz.2.880: lblock 2 mapped to illegal pblock 2 (length 1)
[  209.212777][ T8593] loop0: detected capacity change from 0 to 32768
[  209.240463][ T8604] Quota error (device loop2): qtree_write_dquot: dquota write failed
[  209.264938][ T8604] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 48: comm syz.2.880: lblock 0 mapped to illegal pblock 48 (length 1)
[  209.360175][ T8604] Quota error (device loop2): v2_write_file_info: Can't write info structure
[  209.369466][ T8604] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.880: Failed to acquire dquot type 0
[  209.448050][ T8604] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6254: Corrupt filesystem
[  209.519417][ T8593] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  209.519452][ T8593]   allowing incompatible features above 0.0: (unknown version)
[  209.519465][ T8593]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  209.560199][ T8604] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.880: mark_inode_dirty error
[  209.566967][ T8604] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  209.567109][ T8604] EXT4-fs (loop2): 1 orphan inode deleted
[  209.573597][ T8604] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  209.590172][ T5966] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1)
[  209.612267][ T5966] Quota error (device loop2): remove_tree: Can't read quota data block 1
[  209.612315][ T5966] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:8: Failed to release dquot type 0
[  209.629241][ T8604] EXT4-fs: Ignoring removed orlov option
[  209.629376][ T8604] EXT4-fs (loop2): stripe (16) is not aligned with cluster size (4096), stripe is disabled
[  209.660325][ T8604] EXT4-fs (loop2): can't enable nombcache during remount
[  209.807629][ T5833] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.808640][ T5833] EXT4-fs error (device loop2): __ext4_get_inode_loc:4791: comm syz-executor: Invalid inode table block 1 in block_group 0
[  209.817856][ T5833] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6254: Corrupt filesystem
[  209.856658][ T8593] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  210.022806][ T5833] EXT4-fs error (device loop2): ext4_quota_off:7217: inode #3: comm syz-executor: mark_inode_dirty error
[  210.119990][ T8593] bcachefs (loop0): initializing new filesystem
[  210.186840][ T8593] bcachefs (loop0): going read-write
[  210.274197][ T8593] bcachefs (loop0): marking superblocks
[  210.369484][ T8593] bcachefs (loop0): initializing freespace
[  210.407094][ T8593] bcachefs (loop0): done initializing freespace
[  210.466915][ T8593] bcachefs (loop0): reading snapshots table
[  210.529978][ T8593] bcachefs (loop0): reading snapshots done
[  210.580198][ T8642] loop1: detected capacity change from 0 to 512
[  210.633224][ T8593] bcachefs (loop0):  loop0: Superblock write was silently dropped! (seq 0 expected 42)
[  210.664305][ T8647] loop4: detected capacity change from 0 to 512
[  210.668399][ T8642] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.892: casefold flag without casefold feature
[  210.671269][ T8593] bcachefs (loop0): done starting filesystem
[  210.779878][ T8642] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.892: couldn't read orphan inode 15 (err -117)
[  210.818392][ T8647] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  210.862139][ T8642] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  210.892829][ T8647] ext4 filesystem being mounted at /202/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  210.927164][ T8656] loop2: detected capacity change from 0 to 1024
[  210.990727][ T8647] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  211.026095][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.146391][ T5843] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.173452][ T5830] bcachefs (loop0): shutting down
[  211.173534][ T5966] hfsplus: b-tree write err: -5, ino 4
[  211.178546][ T5830] bcachefs (loop0): going read-only
[  211.249967][ T5830] bcachefs (loop0): finished waiting for writes to stop
[  211.319331][ T5830] bcachefs (loop0): flushing journal and stopping allocators, journal seq 3
[  211.372587][ T5830] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 3
[  211.414623][ T5830] bcachefs (loop0): clean shutdown complete, journal seq 4
[  211.435381][ T5830] bcachefs (loop0): marking filesystem clean
[  211.567582][ T8669] loop1: detected capacity change from 0 to 512
[  211.568414][ T5830] bcachefs (loop0): shutdown complete
[  211.615989][ T8669] EXT4-fs: Ignoring removed nomblk_io_submit option
[  211.640629][ T8669] EXT4-fs: Ignoring removed i_version option
[  211.736292][ T8669] EXT4-fs (loop1): 1 orphan inode deleted
[  211.763956][ T8657] loop3: detected capacity change from 0 to 32768
[  211.776912][ T8669] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  211.790299][   T24] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  211.852988][ T8674] vlan2: entered allmulticast mode
[  211.866194][ T8674] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode
[  211.900086][ T8657] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  211.926895][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.952779][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  211.963871][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  211.974440][   T24] usb 3-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.00
[  211.985089][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.004220][   T24] usb 3-1: config 0 descriptor??
[  212.086630][ T5831] ocfs2: Unmounting device (7,3) on (node local)
[  212.225480][ T5850] Bluetooth: hci4: unexpected cc 0x2007 length: 100 > 2
[  212.472570][   T24] stadia 0003:18D1:9400.000D: hidraw0: USB HID v0.00 Device [HID 18d1:9400] on usb-dummy_hcd.2-1/input0
[  212.512020][   T24] stadia 0003:18D1:9400.000D: no inputs found
[  212.531250][   T24] stadia 0003:18D1:9400.000D: force feedback init failed
[  212.668136][   T24] usb 3-1: USB disconnect, device number 7
[  212.753172][ T8690] fido_id[8690]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  213.378188][ T8707] loop2: detected capacity change from 0 to 1024
[  213.413388][ T8689] loop1: detected capacity change from 0 to 32768
[  213.670300][ T8717] loop3: detected capacity change from 0 to 128
[  213.687813][   T30] audit: type=1326 audit(1751316415.807:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8718 comm="syz.2.923" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f885e38e929 code=0x0
[  213.785349][ T8689] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  213.785375][ T8689]   allowing incompatible features above 0.0: (unknown version)
[  213.785388][ T8689]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  213.821071][ T8717] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  213.821133][ T8717] FAT-fs (loop3): Filesystem has been set read-only
[  213.821770][ T8717] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 548)
[  213.821804][ T8717] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 548)
[  214.072018][ T8689] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  214.093825][ T8689] bcachefs (loop1): initializing new filesystem
[  214.148682][ T8689] bcachefs (loop1): going read-write
[  214.239486][ T8689] bcachefs (loop1): marking superblocks
[  214.275053][ T8689] bcachefs (loop1): initializing freespace
[  214.294510][ T8732] loop0: detected capacity change from 0 to 128
[  214.305934][ T8689] bcachefs (loop1): done initializing freespace
[  214.337918][ T8689] bcachefs (loop1): reading snapshots table
[  214.364849][ T8689] bcachefs (loop1): reading snapshots done
[  214.373553][ T8732] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  214.402673][ T8732] ext4 filesystem being mounted at /153/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  214.478720][ T8689] bcachefs (loop1):  loop1: Superblock write was silently dropped! (seq 0 expected 42)
[  214.502299][ T8689] bcachefs (loop1): done starting filesystem
[  214.502587][ T8737] usb usb8: usbfs: process 8737 (syz.3.928) did not claim interface 0 before use
[  214.664846][ T5830] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  214.842760][ T5829] bcachefs (loop1): shutting down
[  214.847855][ T5829] bcachefs (loop1): going read-only
[  214.870579][ T5829] bcachefs (loop1): finished waiting for writes to stop
[  214.936582][ T5829] bcachefs (loop1): flushing journal and stopping allocators, journal seq 3
[  215.104537][ T5829] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3
[  215.156248][ T5829] bcachefs (loop1): clean shutdown complete, journal seq 4
[  215.162721][ T8755] loop0: detected capacity change from 0 to 4096
[  215.185621][ T5829] bcachefs (loop1): marking filesystem clean
[  215.271946][ T8755] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  215.324432][ T8760] [U] Ļ
[  215.374183][ T5829] bcachefs (loop1): shutdown complete
[  215.511859][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.673413][ T8773] loop0: detected capacity change from 0 to 128
[  215.775729][ T8773] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  215.851597][ T8773] ext4 filesystem being mounted at /156/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  216.012049][ T8768] loop4: detected capacity change from 0 to 32768
[  216.041170][ T5830] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  216.244825][ T5150] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  216.253568][ T5150] Bluetooth: hci4: Injecting HCI hardware error event
[  216.263662][ T5845] Bluetooth: hci4: hardware error 0x00
[  216.349089][ T8780] netlink: 24 bytes leftover after parsing attributes in process `syz.4.948'.
[  216.964786][ T5150] Bluetooth: hci0: command 0x0406 tx timeout
[  216.971130][ T5150] Bluetooth: hci3: command 0x0406 tx timeout
[  216.977175][ T5150] Bluetooth: hci2: command 0x0406 tx timeout
[  216.983404][ T5848] Bluetooth: hci1: command 0x0406 tx timeout
[  217.110583][ T8802] netlink: 'syz.4.959': attribute type 3 has an invalid length.
[  217.205709][ T8804] qrtr: Invalid version 0
[  217.286762][ T8806] loop4: detected capacity change from 0 to 512
[  217.390278][ T8806] EXT4-fs (loop4): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  217.520721][ T8811] netlink: 32 bytes leftover after parsing attributes in process `syz.2.963'.
[  217.595239][ T8790] loop3: detected capacity change from 0 to 32768
[  217.637044][ T5843] EXT4-fs (loop4): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[  217.955731][ T8823] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  218.029681][ T8827] loop2: detected capacity change from 0 to 128
[  218.099452][ T8827] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c018, mo2=0002]
[  218.162202][ T8827] System zones: 1-3, 19-19, 35-36
[  218.201838][ T8827] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  218.238890][ T8827] ext4 filesystem being mounted at /211/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  218.400988][ T5845] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  218.442125][ T5833] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  218.468522][ T8837] loop1: detected capacity change from 0 to 1024
[  218.480836][ T8837] EXT4-fs: Ignoring removed mblk_io_submit option
[  218.538341][ T8837] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  218.594056][ T8821] loop0: detected capacity change from 0 to 32768
[  218.678076][ T8821] JBD2: Ignoring recovery information on journal
[  218.684770][ T8842] can0: slcan on ttyprintk.
[  218.735432][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.919641][ T8821] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  218.961376][ T8841] can0 (unregistered): slcan off ttyprintk.
[  219.369019][ T5830] ocfs2: Unmounting device (7,0) on (node local)
[  219.373801][    T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  219.438121][ T8868] netlink: 'syz.4.987': attribute type 1 has an invalid length.
[  219.475721][ T8868] netlink: 12 bytes leftover after parsing attributes in process `syz.4.987'.
[  219.517921][ T8870] loop2: detected capacity change from 0 to 512
[  219.561078][    T9] usb 2-1: Using ep0 maxpacket: 8
[  219.582146][    T9] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  219.599398][ T8872] loop3: detected capacity change from 0 to 64
[  219.609665][    T9] usb 2-1: config 179 has no interface number 0
[  219.630446][    T9] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  219.677958][    T9] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  219.686037][ T8870] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  219.711534][ T8872] hfs: small file entry
[  219.717481][ T8870] ext4 filesystem being mounted at /217/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  219.785775][    T9] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  219.855604][    T9] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  219.916399][    T9] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  219.947205][    T9] usb 2-1: config 179 interface 65 has no altsetting 0
[  219.995730][    T9] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  220.059703][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.090369][ T5833] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.223997][    T9] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input10
[  220.298974][ T8891] netlink: 'syz.4.998': attribute type 1 has an invalid length.
[  220.333048][    C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  220.349745][    T9] usb 2-1: USB disconnect, device number 9
[  220.987336][ T8911] tipc: Started in network mode
[  220.996555][ T8911] tipc: Node identity fc01, cluster identity 4711
[  221.025828][ T8911] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  221.260382][   T24] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  221.356375][ T8897] loop3: detected capacity change from 0 to 32768
[  221.368141][ T8921] netlink: 'syz.4.1012': attribute type 2 has an invalid length.
[  221.434300][ T8897] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  221.452223][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  221.470601][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  221.470762][ T2992] (kworker/u8:7,2992,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: directory entry overrun - offset=0, inode=72, rec_len=65296, name_len=7
[  221.480721][   T24] usb 2-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00
[  221.506029][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  221.525236][   T24] usb 2-1: config 0 descriptor??
[  221.556171][ T8907] loop0: detected capacity change from 0 to 32768
[  221.567136][ T8897] OCFS2: ERROR (device loop3): int ocfs2_validate_gd_parent(struct super_block *, struct ocfs2_dinode *, struct buffer_head *, int): Group descriptor #32 has bad chain 0
[  221.602964][ T8897] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  221.618447][ T8897] OCFS2: File system is now read-only.
[  221.646059][ T8907] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  221.686064][ T8897] (syz.3.1000,8897,1):ocfs2_trim_mainbm:7630 ERROR: status = -30
[  221.788860][ T8907] XFS (loop0): Ending clean mount
[  221.892575][ T5830] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  221.917874][ T5831] ocfs2: Unmounting device (7,3) on (node local)
[  222.023318][   T24] hid-led 0003:1D34:0004.000E: item fetching failed at offset 5/7
[  222.032468][   T24] hid-led 0003:1D34:0004.000E: probe with driver hid-led failed with error -22
[  222.137576][ T8918] loop2: detected capacity change from 0 to 32768
[  222.205970][   T43] usb 2-1: USB disconnect, device number 10
[  222.295760][ T8918] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  222.479268][ T5833] ocfs2: Unmounting device (7,2) on (node local)
[  222.561831][ T8939] loop0: detected capacity change from 0 to 1024
[  222.586820][ T8939] EXT4-fs: Ignoring removed nobh option
[  222.617087][ T8939] EXT4-fs: Ignoring removed bh option
[  222.735596][ T8939] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  222.793117][ T8928] loop4: detected capacity change from 0 to 32768
[  222.890779][ T8928] XFS (loop4): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[  223.079395][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  223.182599][ T8928] XFS (loop4): Tail block (0x40) overwrite detected. Updated to 0x80
[  223.207639][ T8928] XFS (loop4): Starting recovery (logdev: internal)
[  223.225704][ T8928] XFS (loop4): Ending recovery (logdev: internal)
[  223.295113][ T8963] loop0: detected capacity change from 0 to 256
[  223.327536][ T8943] loop3: detected capacity change from 0 to 32768
[  223.356757][ T8943] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1017 (8943)
[  223.416244][ T8963] FAT-fs (loop0): Directory bread(block 64) failed
[  223.425688][ T5843] XFS (loop4): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[  223.470289][ T8963] FAT-fs (loop0): Directory bread(block 65) failed
[  223.477910][ T8943] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  223.502923][ T8943] BTRFS info (device loop3): using sha256 (sha256-x86_64) checksum algorithm
[  223.522247][ T8943] BTRFS info (device loop3): using free-space-tree
[  223.528045][ T8963] FAT-fs (loop0): Directory bread(block 66) failed
[  223.596041][ T8963] FAT-fs (loop0): Directory bread(block 67) failed
[  223.670692][ T8963] FAT-fs (loop0): Directory bread(block 68) failed
[  223.677280][ T8963] FAT-fs (loop0): Directory bread(block 69) failed
[  223.706063][ T8963] FAT-fs (loop0): Directory bread(block 70) failed
[  223.712927][ T8963] FAT-fs (loop0): Directory bread(block 71) failed
[  223.719628][ T8963] FAT-fs (loop0): Directory bread(block 72) failed
[  223.726834][ T8963] FAT-fs (loop0): Directory bread(block 73) failed
[  223.891851][ T8963] syz.0.1021: attempt to access beyond end of device
[  223.891851][ T8963] loop0: rw=524288, sector=1160, nr_sectors = 4 limit=256
[  223.930501][ T8963] syz.0.1021: attempt to access beyond end of device
[  223.930501][ T8963] loop0: rw=0, sector=1160, nr_sectors = 4 limit=256
[  223.974952][ T8968] loop1: detected capacity change from 0 to 32768
[  223.982648][ T8986] sp0: Synchronizing with TNC
[  223.984118][   T30] audit: type=1800 audit(1751316426.097:44): pid=8963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1021" name="file0" dev="loop0" ino=1048732 res=0 errno=0
[  224.130554][ T5831] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  224.270412][ T8992] Bluetooth: MGMT ver 1.23
[  224.606208][ T8968] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=4,compression=lz4,degraded=no,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow,no_data_io
[  224.606240][ T8968]   allowing incompatible features above 0.0: (unknown version)
[  224.606254][ T8968]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  224.678195][ T5200] udevd[5200]: worker [5840] terminated by signal 33 (Unknown signal 33)
[  224.678253][ T5200] udevd[5200]: worker [5840] failed while handling '/devices/virtual/block/loop1'
[  224.911977][ T8968] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  224.943304][ T8968] bcachefs (loop1): recovering from clean shutdown, journal seq 10
[  224.960343][ T8968] bcachefs (loop1): Version upgrade required:
[  224.960343][ T8968] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  224.960343][ T8968] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  224.960343][ T8968]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  225.050369][ T8968] bcachefs (loop1): dropping and reconstructing all alloc info
[  225.099328][ T9017] netlink: 11 bytes leftover after parsing attributes in process `syz.3.1036'.
[  225.136548][ T8968] bcachefs (loop1): accounting_read... done
[  225.165850][ T8968] bcachefs (loop1): alloc_read... done
[  225.189516][ T9019] loop0: detected capacity change from 0 to 2048
[  225.205692][ T8968] bcachefs (loop1): snapshots_read... done
[  225.221258][ T9019] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  225.230656][ T8968] bcachefs (loop1): done starting filesystem
[  225.506483][ T5829] bcachefs (loop1): shutting down
[  225.575702][ T5829] bcachefs (loop1): shutdown complete
[  226.057475][ T9032] loop3: detected capacity change from 0 to 4096
[  226.308205][ T9027] loop0: detected capacity change from 0 to 32768
[  226.373138][ T9025] loop2: detected capacity change from 0 to 40427
[  226.426446][ T9025] F2FS-fs (loop2): invalid crc value
[  226.761295][ T9025] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  226.980882][ T5833] syz-executor: attempt to access beyond end of device
[  226.980882][ T5833] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  227.029982][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  227.030014][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  227.030027][ T5833] Call Trace:
[  227.030036][ T5833]  <TASK>
[  227.030045][ T5833]  dump_stack_lvl+0x189/0x250
[  227.030082][ T5833]  ? __pfx_dump_stack_lvl+0x10/0x10
[  227.030114][ T5833]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  227.030139][ T5833]  ? __pfx_queue_work_on+0x10/0x10
[  227.030163][ T5833]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  227.030187][ T5833]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  227.030213][ T5833]  ? f2fs_hw_is_readonly+0x39b/0x470
[  227.030238][ T5833]  f2fs_handle_critical_error+0x37c/0x540
[  227.030265][ T5833]  f2fs_write_end_io+0x495/0x810
[  227.030288][ T5833]  ? blkg_put+0x22/0x240
[  227.030322][ T5833]  __submit_merged_bio+0x27a/0x6a0
[  227.030348][ T5833]  __submit_merged_write_cond+0x255/0x530
[  227.030374][ T5833]  f2fs_write_data_pages+0x261d/0x3000
[  227.030425][ T5833]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  227.030483][ T5833]  ? __mod_zone_page_state+0xd7/0x140
[  227.030515][ T5833]  ? unwind_next_frame+0xa5/0x2390
[  227.030538][ T5833]  ? rcu_is_watching+0x15/0xb0
[  227.030560][ T5833]  ? __kasan_check_byte+0x12/0x40
[  227.030596][ T5833]  ? __lock_acquire+0xab9/0xd20
[  227.030624][ T5833]  ? do_raw_spin_lock+0x121/0x290
[  227.030649][ T5833]  ? do_raw_spin_unlock+0x122/0x240
[  227.030666][ T5833]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  227.030702][ T5833]  do_writepages+0x32e/0x550
[  227.030734][ T5833]  ? do_raw_spin_unlock+0x122/0x240
[  227.030753][ T5833]  filemap_fdatawrite+0x199/0x240
[  227.030778][ T5833]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  227.030840][ T5833]  ? do_raw_spin_unlock+0x122/0x240
[  227.030860][ T5833]  f2fs_sync_dirty_inodes+0x31f/0x830
[  227.030896][ T5833]  f2fs_write_checkpoint+0x95a/0x1df0
[  227.030957][ T5833]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  227.031013][ T5833]  ? try_to_wake_up+0x7e5/0x1290
[  227.031034][ T5833]  ? kill_f2fs_super+0x298/0x6c0
[  227.031064][ T5833]  kill_f2fs_super+0x2c3/0x6c0
[  227.031103][ T5833]  ? __pfx_kill_f2fs_super+0x10/0x10
[  227.031138][ T5833]  ? radix_tree_delete_item+0x2b6/0x400
[  227.031168][ T5833]  ? shrinker_free+0x2ce/0x3e0
[  227.031189][ T5833]  deactivate_locked_super+0xbc/0x130
[  227.031211][ T5833]  cleanup_mnt+0x425/0x4c0
[  227.031232][ T5833]  ? lockdep_hardirqs_on+0x9c/0x150
[  227.031264][ T5833]  task_work_run+0x1d1/0x260
[  227.031284][ T5833]  ? __pfx_task_work_run+0x10/0x10
[  227.031299][ T5833]  ? __x64_sys_umount+0x122/0x160
[  227.031327][ T5833]  ? exit_to_user_mode_loop+0x40/0x110
[  227.031350][ T5833]  exit_to_user_mode_loop+0xec/0x110
[  227.031371][ T5833]  do_syscall_64+0x2bd/0x3b0
[  227.031385][ T5833]  ? lockdep_hardirqs_on+0x9c/0x150
[  227.031408][ T5833]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.031424][ T5833]  ? clear_bhb_loop+0x60/0xb0
[  227.031444][ T5833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.031460][ T5833] RIP: 0033:0x7f885e38fc57
[  227.031474][ T5833] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  227.031488][ T5833] RSP: 002b:00007ffe6453c178 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  227.031506][ T5833] RAX: 0000000000000000 RBX: 00007f885e410925 RCX: 00007f885e38fc57
[  227.031517][ T5833] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe6453c230
[  227.031527][ T5833] RBP: 00007ffe6453c230 R08: 0000000000000000 R09: 0000000000000000
[  227.031537][ T5833] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe6453d2c0
[  227.031548][ T5833] R13: 00007f885e410925 R14: 0000000000037621 R15: 00007ffe6453d300
[  227.031573][ T5833]  </TASK>
[  227.393551][ T5833] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  227.937872][ T9076] netlink: 'syz.3.1061': attribute type 5 has an invalid length.
[  228.535791][ T9090] ieee802154 phy0 wpan0: encryption failed: -22
[  228.664852][ T9097] loop2: detected capacity change from 0 to 64
[  228.738231][ T9097] BFS-fs: bfs_fill_super(): loop2 is unclean, continuing
[  228.777986][ T9101] loop1: detected capacity change from 0 to 512
[  228.833363][ T9101] EXT4-fs (loop1): Test dummy encryption mode enabled
[  228.899596][ T9101] EXT4-fs error (device loop1): ext4_iget_extra_inode:5034: inode #15: comm syz.1.1073: corrupted in-inode xattr: overlapping e_value 
[  228.999546][ T9101] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.1073: couldn't read orphan inode 15 (err -117)
[  229.055260][ T9101] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  229.105000][ T9101] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1073'.
[  229.118353][ T9101] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1073'.
[  229.248046][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.497292][ T9121] loop1: detected capacity change from 0 to 2048
[  229.571346][ T9121] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  229.729421][ T9093] loop4: detected capacity change from 0 to 32768
[  229.823098][ T9093] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  230.008192][ T9093] XFS (loop4): Ending clean mount
[  230.091550][ T9093] XFS (loop4): Quotacheck needed: Please wait.
[  230.233645][ T9093] XFS (loop4): Quotacheck: Done.
[  230.307538][ T9149] loop0: detected capacity change from 0 to 256
[  230.452975][ T9149] FAT-fs (loop0): Directory bread(block 64) failed
[  230.487742][ T9149] FAT-fs (loop0): Directory bread(block 65) failed
[  230.506930][ T5843] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  230.524225][ T9149] FAT-fs (loop0): Directory bread(block 66) failed
[  230.530946][ T9126] loop3: detected capacity change from 0 to 32768
[  230.562928][ T9149] FAT-fs (loop0): Directory bread(block 67) failed
[  230.573004][ T9149] FAT-fs (loop0): Directory bread(block 68) failed
[  230.579659][ T9149] FAT-fs (loop0): Directory bread(block 69) failed
[  230.586784][ T9149] FAT-fs (loop0): Directory bread(block 70) failed
[  230.604037][ T9149] FAT-fs (loop0): Directory bread(block 71) failed
[  230.611786][ T9126] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  230.620360][ T9149] FAT-fs (loop0): Directory bread(block 72) failed
[  230.633464][ T9149] FAT-fs (loop0): Directory bread(block 73) failed
[  230.779917][ T5836] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  230.879444][ T5831] ocfs2: Unmounting device (7,3) on (node local)
[  230.953859][ T5836] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  230.988582][ T5836] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  231.055544][ T5836] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  231.075410][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.115226][ T5836] usb 3-1: Product: syz
[  231.119451][ T5836] usb 3-1: Manufacturer: syz
[  231.155194][ T5836] usb 3-1: SerialNumber: syz
[  231.402615][ T5836] usb 3-1: 0:2 : does not exist
[  231.439049][ T5836] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  231.489237][ T9152] loop1: detected capacity change from 0 to 32768
[  231.550096][ T9152] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  231.594914][ T9177] loop3: detected capacity change from 0 to 512
[  231.610072][ T5836] usb 3-1: USB disconnect, device number 8
[  231.646597][ T9175] loop4: detected capacity change from 0 to 1024
[  231.655790][ T9177] EXT4-fs (loop3): orphan cleanup on readonly fs
[  231.661301][ T9175] EXT4-fs: Ignoring removed nobh option
[  231.679358][ T9175] EXT4-fs: Ignoring removed bh option
[  231.740808][ T9177] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1102: bg 0: block 248: padding at end of block bitmap is not set
[  231.755435][ T9175] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  231.788911][ T6008] udevd[6008]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  231.878508][ T9187] sctp: [Deprecated]: syz.0.1104 (pid 9187) Use of int in maxseg socket option.
[  231.878508][ T9187] Use struct sctp_assoc_value instead
[  231.901691][ T9177] Quota error (device loop3): write_blk: dquota write failed
[  231.909325][ T9177] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  231.933614][ T9177] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1102: Failed to acquire dquot type 1
[  231.950002][ T9152] XFS (loop1): Ending clean mount
[  231.980889][ T5843] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.000499][ T9177] EXT4-fs (loop3): 1 truncate cleaned up
[  232.010277][ T9152] XFS (loop1): Quotacheck needed: Please wait.
[  232.056745][ T9177] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  232.160000][ T9152] XFS (loop1): Quotacheck: Done.
[  232.193468][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.253827][   T30] audit: type=1800 audit(1751316434.367:45): pid=9152 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1093" name="file2" dev="loop1" ino=9287 res=0 errno=0
[  232.478560][ T5829] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  232.923311][ T9205] loop4: detected capacity change from 0 to 128
[  232.943386][ T9205] ufs: You didn't specify the type of your ufs filesystem
[  232.943386][ T9205] 
[  232.943386][ T9205] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  232.943386][ T9205] 
[  232.943386][ T9205] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  233.057642][ T9205] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2
[  233.217633][ T9189] loop0: detected capacity change from 0 to 32768
[  233.279821][ T9189] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  233.332684][ T9228] loop4: detected capacity change from 0 to 64
[  233.379138][ T9231] loop2: detected capacity change from 0 to 256
[  233.450419][ T9189] XFS (loop0): Ending clean mount
[  233.476179][ T9231] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d)
[  233.681502][ T9235] sp0: Synchronizing with TNC
[  233.688565][ T9237] loop1: detected capacity change from 0 to 512
[  233.700337][ T9235] sp0: Found TNC
[  233.709259][ T9234] [U] č`
[  233.720560][ T5830] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  233.871640][ T9239] netlink: 'syz.2.1126': attribute type 3 has an invalid length.
[  233.995360][ T9233] loop3: detected capacity change from 0 to 32768
[  234.053180][ T9233] gfs2: fsid=errīrs=withdraw: Trying to join cluster "lock_nolock", "errīrs=withdraw"
[  234.063300][ T9233] gfs2: fsid=errīrs=withdraw: Now mounting FS (format 1802)...
[  234.075299][ T9233] gfs2: fsid=errīrs=withdraw.0: journal 0 mapped with 1 extents in 0ms
[  234.110511][ T5836] gfs2: fsid=errīrs=withdraw.0: jid=0, already locked for use
[  234.118043][ T5836] gfs2: fsid=errīrs=withdraw.0: jid=0: Looking at journal...
[  234.158582][ T9237] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  234.228487][ T9237] ext4 filesystem being mounted at /200/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  234.377580][ T9237] EXT4-fs error (device loop1): ext4_do_update_inode:5567: inode #2: comm syz.1.1123: corrupted inode contents
[  234.402177][ T5836] gfs2: fsid=errīrs=withdraw.0: jid=0: Journal head lookup took 284ms
[  234.431702][ T5836] gfs2: fsid=errīrs=withdraw.0: jid=0: Done
[  234.467735][ T9237] EXT4-fs (loop1): Remounting filesystem read-only
[  234.470266][ T9233] gfs2: fsid=errīrs=withdraw.0: first mount done, others may mount
[  234.483407][ T9233] gfs2: fsid=errīrs=withdraw.0: ri_addr=18 ri_length=1 ri_data0=19 ri_data=524288 ri_bitbytes=515 start=0 len=515 offset=128
[  234.498303][ T9233] gfs2: fsid=errīrs=withdraw.0:  R: n:18 f:00 b:0/0 i:0 q:0 r:0 e:0
[  234.507278][ T9233] gfs2: fsid=errīrs=withdraw.0: fatal: filesystem consistency error - RG = 18, function = compute_bitstructs, file = fs/gfs2/rgrp.c, line = 829
[  234.522096][ T9233] gfs2: fsid=errīrs=withdraw.0: G:  s:UN n:3/12 f:an t:UN d:EX/0 a:0 v:0 r:1 m:20 p:0
[  234.532095][ T9233] gfs2: fsid=errīrs=withdraw.0: about to withdraw this file system
[  234.547246][ T9233] gfs2: fsid=errīrs=withdraw.0: Journal recovery skipped for jid 0 until next mount.
[  234.556819][ T9233] gfs2: fsid=errīrs=withdraw.0: Glock dequeues delayed: 0
[  234.564614][ T9233] gfs2: fsid=errīrs=withdraw.0: File system withdrawn
[  234.571556][ T9233] CPU: 0 UID: 0 PID: 9233 Comm: syz.3.1122 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  234.571610][ T9233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  234.571636][ T9233] Call Trace:
[  234.571644][ T9233]  <TASK>
[  234.571653][ T9233]  dump_stack_lvl+0x189/0x250
[  234.571694][ T9233]  ? __pfx_dump_stack_lvl+0x10/0x10
[  234.571726][ T9233]  ? __pfx__printk+0x10/0x10
[  234.571749][ T9233]  ? kobject_uevent_env+0x36b/0x8c0
[  234.571786][ T9233]  gfs2_withdraw+0x111e/0x14f0
[  234.571829][ T9233]  ? __pfx_gfs2_withdraw+0x10/0x10
[  234.571869][ T9233]  ? do_raw_spin_unlock+0x122/0x240
[  234.571895][ T9233]  gfs2_consist_rgrpd_i+0x14b/0x1a0
[  234.571925][ T9233]  ? __pfx_gfs2_consist_rgrpd_i+0x10/0x10
[  234.571986][ T9233]  ? rcu_is_watching+0x15/0xb0
[  234.572016][ T9233]  ? trace_kmalloc+0x1f/0xd0
[  234.572053][ T9233]  gfs2_ri_update+0xba2/0x1650
[  234.572107][ T9233]  ? __pfx_gfs2_ri_update+0x10/0x10
[  234.572144][ T9233]  ? inode_go_held+0xf8/0x200
[  234.572171][ T9233]  ? gfs2_glock_wait+0x20f/0x2a0
[  234.572200][ T9233]  gfs2_rindex_update+0x2cd/0x370
[  234.572232][ T9233]  ? __pfx_gfs2_rindex_update+0x10/0x10
[  234.572261][ T9233]  ? init_inodes+0x24e/0x320
[  234.572289][ T9233]  ? complete_all+0x7b/0x330
[  234.572325][ T9233]  init_inodes+0x24e/0x320
[  234.572353][ T9233]  gfs2_fill_super+0x1923/0x20d0
[  234.572403][ T9233]  ? __pfx_gfs2_fill_super+0x10/0x10
[  234.572428][ T9233]  ? init_locking+0xb8/0x210
[  234.572448][ T9233]  ? sb_set_blocksize+0x104/0x180
[  234.572470][ T9233]  ? setup_bdev_super+0x4c1/0x5b0
[  234.572499][ T9233]  get_tree_bdev_flags+0x40e/0x4d0
[  234.572525][ T9233]  ? __pfx_gfs2_fill_super+0x10/0x10
[  234.572547][ T9233]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  234.572573][ T9233]  ? rcu_is_watching+0x15/0xb0
[  234.572603][ T9233]  gfs2_get_tree+0x51/0x1e0
[  234.572627][ T9233]  vfs_get_tree+0x8f/0x2b0
[  234.572656][ T9233]  do_new_mount+0x24a/0xa40
[  234.572682][ T9233]  __se_sys_mount+0x317/0x410
[  234.572706][ T9233]  ? __pfx___se_sys_mount+0x10/0x10
[  234.572730][ T9233]  ? do_syscall_64+0xbe/0x3b0
[  234.572747][ T9233]  ? __x64_sys_mount+0x20/0xc0
[  234.572768][ T9233]  do_syscall_64+0xfa/0x3b0
[  234.572783][ T9233]  ? lockdep_hardirqs_on+0x9c/0x150
[  234.572811][ T9233]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.572829][ T9233]  ? clear_bhb_loop+0x60/0xb0
[  234.572851][ T9233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.572869][ T9233] RIP: 0033:0x7fa1efb900ca
[  234.572887][ T9233] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  234.572903][ T9233] RSP: 002b:00007fa1ed9f5e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  234.572924][ T9233] RAX: ffffffffffffffda RBX: 00007fa1ed9f5ef0 RCX: 00007fa1efb900ca
[  234.572938][ T9233] RDX: 0000200000000000 RSI: 0000200000012500 RDI: 00007fa1ed9f5eb0
[  234.572952][ T9233] RBP: 0000200000000000 R08: 00007fa1ed9f5ef0 R09: 0000000000000000
[  234.572965][ T9233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000012500
[  234.572977][ T9233] R13: 00007fa1ed9f5eb0 R14: 00000000000125cf R15: 0000200000000180
[  234.573007][ T9233]  </TASK>
[  235.155263][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.170466][ T2992] Quota error (device loop1): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync!
[  235.237907][ T9260] netlink: 'syz.0.1125': attribute type 11 has an invalid length.
[  235.257059][ T2992] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  235.282061][ T2992] Quota error (device loop1): write_blk: dquota write failed
[  235.301643][ T2992] Quota error (device loop1): free_dqentry: Can't write quota data block 5
[  235.570263][ T5913] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  235.744027][ T5913] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  235.775245][ T5913] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  235.793479][ T5913] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  235.809932][ T5913] usb 3-1: config 220 has no interface number 2
[  235.822036][ T5913] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  235.865242][ T5913] usb 3-1: config 220 interface 0 has no altsetting 0
[  235.892577][ T5913] usb 3-1: config 220 interface 76 has no altsetting 0
[  235.899491][ T5913] usb 3-1: config 220 interface 1 has no altsetting 0
[  235.912536][ T5913] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  235.923843][ T5913] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.933859][ T5913] usb 3-1: Product: syz
[  235.938069][ T5913] usb 3-1: Manufacturer: syz
[  235.947293][ T5913] usb 3-1: SerialNumber: syz
[  235.958539][ T9283] program syz.0.1144 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  236.192137][ T5913] usb 3-1: selecting invalid altsetting 0
[  236.210749][ T5913] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  236.217740][ T5913] usb 3-1: No valid video chain found.
[  236.265677][ T5913] usb 3-1: selecting invalid altsetting 0
[  236.274095][ T5913] usbtest 3-1:220.1: probe with driver usbtest failed with error -22
[  236.321359][ T5913] usb 3-1: USB disconnect, device number 9
[  236.388880][ T9294] loop0: detected capacity change from 0 to 4096
[  236.409093][ T9294] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  236.428874][ T5952] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  236.439426][ T9297] loop4: detected capacity change from 0 to 512
[  236.495592][ T9297] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  236.534013][ T9294] ntfs3(loop0): ino=1a, mi_enum_attr
[  236.547026][ T9294] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  236.553831][ T9297] EXT4-fs (loop4): orphan cleanup on readonly fs
[  236.576061][ T9297] Quota error (device loop4): v2_read_file_info: Block with free entry 1 out of range (1, 6).
[  236.594802][ T9297] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  236.595547][ T9294] ntfs3(loop0): Failed to initialize $Extend/$ObjId.
[  236.617237][ T5952] usb 2-1: Using ep0 maxpacket: 8
[  236.629229][ T5952] usb 2-1: unable to get BOS descriptor or descriptor too short
[  236.639045][ T5952] usb 2-1: config 4 interface 0 has no altsetting 0
[  236.657883][ T9297] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  236.675419][ T5952] usb 2-1: string descriptor 0 read error: -22
[  236.683591][ T9297] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1151: bg 0: block 40: padding at end of block bitmap is not set
[  236.690632][ T5952] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  236.706466][ T9297] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  236.740391][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  236.767521][ T5952] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  236.793364][ T5952] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  236.807116][ T9297] EXT4-fs (loop4): 1 truncate cleaned up
[  236.838164][ T5952] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  236.843774][ T9297] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  236.873993][ T5952] usb 2-1: media controller created
[  236.941811][ T9297] EXT4-fs error (device loop4): ext4_get_link:106: inode #16: comm syz.4.1151: bad symlink.
[  236.958144][ T5952] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  236.961678][ T9297] EXT4-fs error (device loop4): ext4_get_link:106: inode #16: comm syz.4.1151: bad symlink.
[  236.996201][ T9291] usb 2-1: dvb_usb_au6610: wlen=0, aborting
[  237.099597][ T5952] zl10353_read_register: readreg error (reg=127, ret==0)
[  237.105351][ T5843] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.236446][ T5952] usb 2-1: USB disconnect, device number 11
[  237.535121][ T9308] loop0: detected capacity change from 0 to 32768
[  237.620864][ T5836] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  237.666633][ T9308] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  237.666667][ T9308]   allowing incompatible features above 0.0: (unknown version)
[  237.666682][ T9308]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  237.782163][ T9308] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  237.791154][ T9308] bcachefs (loop0): initializing new filesystem
[  237.808008][ T9308] bcachefs (loop0): going read-write
[  237.819589][ T9308] bcachefs (loop0): marking superblocks
[  237.831111][ T5836] usb 3-1: Using ep0 maxpacket: 32
[  237.838009][ T9308] bcachefs (loop0): initializing freespace
[  237.847188][ T5836] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  237.848537][ T9308] bcachefs (loop0): done initializing freespace
[  237.864982][ T9308] bcachefs (loop0): reading snapshots table
[  237.871159][ T9308] bcachefs (loop0): reading snapshots done
[  237.879432][ T5836] usb 3-1: config 0 has no interface number 0
[  237.898998][ T9308] bcachefs (loop0): done starting filesystem
[  237.909006][ T5836] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  237.943786][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.975764][ T5836] usb 3-1: Product: syz
[  238.000070][ T5836] usb 3-1: Manufacturer: syz
[  238.006806][ T5836] usb 3-1: SerialNumber: syz
[  238.026536][ T5836] usb 3-1: config 0 descriptor??
[  238.047413][ T5836] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  238.048276][   T30] audit: type=1800 audit(1751316440.167:46): pid=9308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1155" name="file1" dev="loop0" ino=4098 res=0 errno=0
[  238.066512][ T5836] usb 3-1: selecting invalid altsetting 1
[  238.119939][ T5836] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  238.156412][ T5836] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  238.203938][ T5836] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  238.215309][ T5836] usb 3-1: media controller created
[  238.275917][ T5836] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  238.342313][ T5836] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  238.352193][ T5836] zl10353_read_register: readreg error (reg=127, ret==-71)
[  238.362171][ T5836] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  238.485030][ T5836] usb 3-1: USB disconnect, device number 10
[  238.523405][ T9323] loop1: detected capacity change from 0 to 32768
[  238.534619][ T9323] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1159 (9323)
[  238.545707][ T9308] syz.0.1155 (9308) used greatest stack depth: 16408 bytes left
[  238.620024][ T5949] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  238.629739][ T9323] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  238.646780][ T5830] bcachefs (loop0): shutting down
[  238.657260][ T5830] bcachefs (loop0): going read-only
[  238.657295][ T5830] bcachefs (loop0): finished waiting for writes to stop
[  238.663352][ T9323] BTRFS info (device loop1): using sha256 (sha256-x86_64) checksum algorithm
[  238.663436][ T9323] BTRFS info (device loop1): using free-space-tree
[  238.663579][ T5830] bcachefs (loop0): flushing journal and stopping allocators, journal seq 3
[  238.733723][ T5830] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 4
[  238.734959][ T5830] bcachefs (loop0): clean shutdown complete, journal seq 5
[  238.735863][ T5830] bcachefs (loop0): marking filesystem clean
[  238.799938][ T5949] usb 5-1: Using ep0 maxpacket: 16
[  238.805528][ T5949] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  238.805558][ T5949] usb 5-1: config 0 has no interface number 0
[  238.805605][ T5949] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  238.805634][ T5949] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  238.809802][ T5949] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  238.810098][ T5949] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  238.810124][ T5949] usb 5-1: Product: syz
[  238.810141][ T5949] usb 5-1: SerialNumber: syz
[  238.817375][ T5949] usb 5-1: config 0 descriptor??
[  238.822505][ T5830] bcachefs (loop0): shutdown complete
[  238.868171][ T5949] cm109 5-1:0.8: invalid payload size 0, expected 4
[  238.886844][ T5949] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input11
[  239.037637][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  239.039628][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  239.039849][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  239.040263][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  239.040492][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  239.040709][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  239.040931][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  239.041138][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  239.041344][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  239.041551][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  239.044758][    C0] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  239.044835][ T5949] usb 5-1: USB disconnect, device number 6
[  239.061498][ T5949] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  239.146948][   T56] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared)
[  239.374340][ T5829] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  239.905743][ T9359] xt_CT: No such helper "pptp"
[  239.997313][ T9363] loop1: detected capacity change from 0 to 128
[  240.071787][ T9363] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  240.092598][ T9363] ext4 filesystem being mounted at /209/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  240.197608][ T5829] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  240.215436][ T9369] use of bytesused == 0 is deprecated and will be removed in the future,
[  240.224657][ T9369] use the actual size instead.
[  240.293329][ T9353] loop2: detected capacity change from 0 to 32768
[  240.326133][ T9353] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1165 (9353)
[  240.397560][ T9353] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  240.460062][ T9353] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  240.468646][ T9353] BTRFS info (device loop2): using free-space-tree
[  240.698026][ T9353] BTRFS info (device loop2): rebuilding free space tree
[  240.801221][ T9394] loop1: detected capacity change from 0 to 4096
[  240.860677][ T9394] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  241.116984][ T9401] loop4: detected capacity change from 0 to 512
[  241.123424][ T9394] Invalid source name
[  241.174002][ T5833] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  241.230451][ T9401] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  241.304482][ T9401] ext4 filesystem being mounted at /276/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  241.440309][ T9408] sp0: Synchronizing with TNC
[  241.646416][ T5843] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.934559][ T9425] loop1: detected capacity change from 0 to 128
[  242.198354][ T9433] loop4: detected capacity change from 0 to 128
[  242.231977][ T9433] EXT4-fs: Ignoring removed nobh option
[  242.257067][ T9433] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  242.333319][ T9433] ext4 filesystem being mounted at /278/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  242.547607][ T9441] loop3: detected capacity change from 0 to 2048
[  242.585764][ T5843] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  242.621066][ T9441] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  243.265044][ T9462] loop0: detected capacity change from 0 to 4096
[  243.340217][ T9469] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  243.531068][ T9474] loop4: detected capacity change from 0 to 256
[  243.545006][ T9475] loop1: detected capacity change from 0 to 1024
[  243.746597][   T12] hfsplus: b-tree write err: -5, ino 4
[  244.047813][ T9486] loop3: detected capacity change from 0 to 2048
[  244.076717][ T9486] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  244.099984][ T9486] NILFS (loop3): mounting unchecked fs
[  244.113834][ T9490] loop0: detected capacity change from 0 to 1024
[  244.147815][ T9486] NILFS (loop3): recovery complete
[  244.154690][ T6008] udevd[6008]: incorrect nilfs2 checksum on /dev/loop3
[  244.197758][ T6008] udevd[6008]: incorrect nilfs2 checksum on /dev/loop3
[  244.214680][ T9492] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  244.945158][ T9512] loop4: detected capacity change from 0 to 256
[  245.035005][ T9493] loop1: detected capacity change from 0 to 32768
[  245.064711][ T9493] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1218 (9493)
[  245.109193][ T9493] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  245.155849][ T9493] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  245.197936][ T9493] BTRFS info (device loop1): using free-space-tree
[  245.206469][ T5843] FAT-fs (loop4): error, corrupted directory (invalid entries)
[  245.232107][ T5843] FAT-fs (loop4): error, corrupted directory (invalid entries)
[  245.306557][ T9527] loop2: detected capacity change from 0 to 512
[  245.415745][ T9527] EXT4-fs error (device loop2): ext4_iget_extra_inode:5034: inode #15: comm syz.2.1230: corrupted in-inode xattr: overlapping e_value 
[  245.453495][ T9527] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.1230: couldn't read orphan inode 15 (err -117)
[  245.532480][ T5829] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  245.544597][ T9527] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  245.739592][ T5833] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  246.047190][ T9548] block device autoloading is deprecated and will be removed.
[  246.418191][ T9558] loop0: detected capacity change from 0 to 128
[  246.494363][   T30] audit: type=1800 audit(1751316448.617:47): pid=9558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1241" name="file2" dev="loop0" ino=1048747 res=0 errno=0
[  246.538248][ T9558] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  246.573121][ T9558] FAT-fs (loop0): Filesystem has been set read-only
[  246.607149][ T9558] syz.0.1241: attempt to access beyond end of device
[  246.607149][ T9558] loop0: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  246.619127][ T9561] loop1: detected capacity change from 0 to 256
[  246.663818][ T9564] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1247'.
[  246.678193][ T9564] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1247'.
[  246.690431][ T9558] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  246.698323][ T9558] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  246.705529][ T9561] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  246.745949][ T9561] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe622a5da, utbl_chksum : 0xe619d30d)
[  246.771988][ T9558] syz.0.1241: attempt to access beyond end of device
[  246.771988][ T9558] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  246.775622][ T9564] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1247'.
[  246.820208][ T9558] syz.0.1241: attempt to access beyond end of device
[  246.820208][ T9558] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  246.842214][ T9565] loop3: detected capacity change from 0 to 4096
[  246.853022][ T9564] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1247'.
[  246.871154][ T9558] syz.0.1241: attempt to access beyond end of device
[  246.871154][ T9558] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  246.936979][ T9558] syz.0.1241: attempt to access beyond end of device
[  246.936979][ T9558] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  246.938840][ T9566] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  246.978032][ T9558] syz.0.1241: attempt to access beyond end of device
[  246.978032][ T9558] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  247.022151][ T9565] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=12)
[  247.046614][ T9558] syz.0.1241: attempt to access beyond end of device
[  247.046614][ T9558] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  247.100537][ T9558] syz.0.1241: attempt to access beyond end of device
[  247.100537][ T9558] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  247.124436][ T9565] Remounting filesystem read-only
[  247.173821][ T9558] syz.0.1241: attempt to access beyond end of device
[  247.173821][ T9558] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  247.230542][ T9570] loop2: detected capacity change from 0 to 512
[  247.241206][ T9558] syz.0.1241: attempt to access beyond end of device
[  247.241206][ T9558] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  247.303114][ T9570] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  247.358527][ T9570] ext4 filesystem being mounted at /274/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  247.520149][   T31] INFO: task kworker/1:2:980 blocked for more than 143 seconds.
[  247.527854][   T31]       Not tainted 6.16.0-rc4-next-20250630-syzkaller #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  247.561167][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  247.561937][ T5850] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  247.585129][ T5850] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  247.593769][ T5850] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  247.605780][ T5850] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  247.613550][ T5850] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  247.625022][   T31] task:kworker/1:2     state:D stack:23960 pid:980   tgid:980   ppid:2      task_flags:0x4208060 flags:0x00004000
[  247.637320][   T31] Workqueue: events_power_efficient hub_init_func2
[  247.644011][   T31] Call Trace:
[  247.647319][   T31]  <TASK>
[  247.656286][   T31]  __schedule+0x16f5/0x4d00
[  247.669529][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  247.674879][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  247.681368][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  247.686771][   T31]  ? schedule+0x165/0x360
[  247.691200][   T31]  ? __pfx___schedule+0x10/0x10
[  247.696115][   T31]  ? schedule+0x91/0x360
[  247.700501][   T31]  schedule+0x165/0x360
[  247.704702][   T31]  schedule_preempt_disabled+0x13/0x30
[  247.710264][   T31]  __mutex_lock+0x724/0xe80
[  247.714812][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  247.720151][   T31]  ? __mutex_lock+0x51b/0xe80
[  247.724873][   T31]  ? hub_activate+0xb7/0x1ea0
[  247.729612][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  247.734792][   T31]  ? do_raw_spin_lock+0x121/0x290
[  247.740092][   T31]  ? __lock_acquire+0xab9/0xd20
[  247.744996][   T31]  hub_activate+0xb7/0x1ea0
[  247.749634][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  247.759975][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  247.765235][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  247.775635][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  247.781537][   T31]  process_scheduled_works+0xae1/0x17b0
[  247.789421][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  247.796512][   T31]  worker_thread+0x8a0/0xda0
[  247.801270][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  247.807649][   T31]  ? __kthread_parkme+0x7b/0x200
[  247.819986][   T31]  kthread+0x70e/0x8a0
[  247.826338][   T31]  ? __pfx_worker_thread+0x10/0x10
[  247.907793][   T31]  ? __pfx_kthread+0x10/0x10
[  247.929933][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  247.935211][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  247.943203][ T9576] lo speed is unknown, defaulting to 1000
[  247.963501][   T31]  ? __pfx_kthread+0x10/0x10
[  247.968179][   T31]  ret_from_fork+0x3fc/0x770
[  247.980413][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  247.985610][   T31]  ? __switch_to_asm+0x39/0x70
[  248.010177][   T31]  ? __switch_to_asm+0x33/0x70
[  248.015012][   T31]  ? __pfx_kthread+0x10/0x10
[  248.019635][   T31]  ret_from_fork_asm+0x1a/0x30
[  248.050961][   T31]  </TASK>
[  248.057798][ T5833] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.075166][   T31] INFO: task kworker/1:7:5948 blocked for more than 143 seconds.
[  248.083545][   T31]       Not tainted 6.16.0-rc4-next-20250630-syzkaller #0
[  248.120111][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  248.128834][   T31] task:kworker/1:7     state:D stack:24264 pid:5948  tgid:5948  ppid:2      task_flags:0x4288060 flags:0x00004000
[  248.189905][   T31] Workqueue: usb_hub_wq hub_event
[  248.195036][   T31] Call Trace:
[  248.198343][   T31]  <TASK>
[  248.219929][   T31]  __schedule+0x16f5/0x4d00
[  248.224528][   T31]  ? schedule+0x165/0x360
[  248.228900][   T31]  ? __pfx___schedule+0x10/0x10
[  248.249903][   T31]  ? preempt_schedule_common+0x83/0xd0
[  248.255441][   T31]  ? __pfx_preempt_schedule+0x10/0x10
[  248.269909][   T31]  ? schedule+0x91/0x360
[  248.274227][   T31]  schedule+0x165/0x360
[  248.278423][   T31]  schedule_timeout+0x9a/0x270
[  248.293714][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  248.299166][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  248.304468][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  248.309717][   T31]  ? wait_for_completion+0x267/0x5d0
[  248.315117][   T31]  wait_for_completion+0x2bf/0x5d0
[  248.320355][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[  248.326086][   T31]  ? __flush_work+0xd2/0xbc0
[  248.330883][   T31]  ? __flush_work+0xd2/0xbc0
[  248.335520][   T31]  __flush_work+0x9b9/0xbc0
[  248.340169][   T31]  ? __flush_work+0xd2/0xbc0
[  248.344858][   T31]  ? __pfx___flush_work+0x10/0x10
[  248.350009][   T31]  ? __pfx_wq_barrier_func+0x10/0x10
[  248.355358][   T31]  ? __queue_work+0xc56/0xfb0
[  248.364119][   T31]  ? flush_delayed_work+0x11d/0x190
[  248.369481][   T31]  flush_delayed_work+0x13e/0x190
[  248.374629][   T31]  ? __pfx_flush_delayed_work+0x10/0x10
[  248.384036][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  248.389292][   T31]  ? usb_hcd_flush_endpoint+0x3e9/0x400
[  248.397914][   T31]  hub_quiesce+0x1f0/0x330
[  248.406803][   T31]  hub_disconnect+0xc8/0x470
[  248.411515][   T31]  usb_unbind_interface+0x26b/0x910
[  248.416757][   T31]  ? __pfx_usb_unbind_interface+0x10/0x10
[  248.426176][   T31]  device_release_driver_internal+0x4d6/0x7c0
[  248.432381][   T31]  bus_remove_device+0x34d/0x410
[  248.437362][   T31]  device_del+0x511/0x8e0
[  248.444010][   T31]  ? kfree+0x18e/0x440
[  248.448222][   T31]  ? __pfx_device_del+0x10/0x10
[  248.453333][   T31]  ? kobject_put+0x446/0x480
[  248.457964][   T31]  usb_disable_device+0x3e9/0x8a0
[  248.463356][   T31]  usb_disconnect+0x330/0x950
[  248.468061][   T31]  hub_event+0x1cdb/0x4a00
[  248.472634][   T31]  ? do_raw_spin_lock+0x121/0x290
[  248.477776][   T31]  ? register_lock_class+0x51/0x320
[  248.483334][   T31]  ? __pfx_hub_event+0x10/0x10
[  248.488158][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  248.494573][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  248.500050][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  248.505804][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  248.511668][   T31]  process_scheduled_works+0xae1/0x17b0
[  248.517273][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  248.523735][   T31]  worker_thread+0x8a0/0xda0
[  248.528368][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  248.534831][   T31]  ? __kthread_parkme+0x7b/0x200
[  248.539878][   T31]  kthread+0x70e/0x8a0
[  248.543999][   T31]  ? __pfx_worker_thread+0x10/0x10
[  248.549145][   T31]  ? __pfx_kthread+0x10/0x10
[  248.554122][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  248.559345][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  248.564606][   T31]  ? __pfx_kthread+0x10/0x10
[  248.569403][   T31]  ret_from_fork+0x3fc/0x770
[  248.574141][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  248.579294][   T31]  ? __switch_to_asm+0x39/0x70
[  248.584417][   T31]  ? __switch_to_asm+0x33/0x70
[  248.589198][   T31]  ? __pfx_kthread+0x10/0x10
[  248.593844][   T31]  ret_from_fork_asm+0x1a/0x30
[  248.598656][   T31]  </TASK>
[  248.601809][   T31] 
[  248.601809][   T31] Showing all locks held in the system:
[  248.609549][   T31] 1 lock held by khungtaskd/31:
[  248.614972][   T31]  #0: ffffffff8e13bee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  248.624938][   T31] 3 locks held by kworker/1:1/43:
[  248.630147][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  248.643109][   T31]  #1: ffffc90000b37bc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  248.653608][   T31]  #2: ffffffff8e1419f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  248.664595][   T31] 3 locks held by kworker/1:2/980:
[  248.669707][   T31]  #0: ffff88801a482148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  248.682487][   T31]  #1: ffffc90003a87bc0 ((work_completion)(&(&hub->init_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  248.695485][   T31]  #2: ffff8880339a2198 (&dev->mutex){....}-{4:4}, at: hub_activate+0xb7/0x1ea0
[  248.704663][   T31] 2 locks held by getty/5591:
[  248.709339][   T31]  #0: ffff88814e0770a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  248.719445][   T31]  #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  248.735303][   T31] 4 locks held by syz-executor/5830:
[  248.741649][   T31]  #0: ffff888078924dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[  248.752968][   T31]  #1: ffff8880789240b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[  248.762760][   T31]  #2: ffffffff8f67dc68 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[  248.772941][   T31]  #3: ffff88814e0a4b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[  248.782407][   T31] 4 locks held by udevd/5852:
[  248.787097][   T31]  #0: ffff888032785790 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10
[  248.796081][   T31]  #1: ffff888057104c88 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0
[  248.805672][   T31]  #2: ffff888058680008 (kn->active#21){.+.+}-{0:0}, at: kernfs_seq_start+0x75/0x3c0
[  248.815289][   T31]  #3: ffff8880339a2198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[  248.824697][   T31] 5 locks held by kworker/1:7/5948:
[  248.830002][   T31]  #0: ffff888144e9d148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  248.841415][   T31]  #1: ffffc900047cfbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  248.853547][   T31]  #2: ffff88823be7e998 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00
[  248.862604][   T31]  #3: ffff8880339a2198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x950
[  248.871907][   T31]  #4: ffff888078b68160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x7c0
[  248.882725][   T31] 1 lock held by syz-executor/9576:
[  248.887990][   T31]  #0: ffffffff8f509fd0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  248.945993][   T31] 
[  248.948370][   T31] =============================================
[  248.948370][   T31] 
[  248.989903][   T31] NMI backtrace for cpu 1
[  248.989924][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  248.989948][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  248.989961][   T31] Call Trace:
[  248.989969][   T31]  <TASK>
[  248.989979][   T31]  dump_stack_lvl+0x189/0x250
[  248.990014][   T31]  ? __wake_up_klogd+0xd9/0x110
[  248.990037][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  248.990066][   T31]  ? __pfx__printk+0x10/0x10
[  248.990101][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  248.990133][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  248.990156][   T31]  ? _printk+0xcf/0x120
[  248.990183][   T31]  ? __pfx__printk+0x10/0x10
[  248.990207][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  248.990235][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  248.990265][   T31]  watchdog+0xfee/0x1030
[  248.990289][   T31]  ? watchdog+0x1de/0x1030
[  248.990319][   T31]  kthread+0x70e/0x8a0
[  248.990342][   T31]  ? __pfx_watchdog+0x10/0x10
[  248.990363][   T31]  ? __pfx_kthread+0x10/0x10
[  248.990384][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  248.990413][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  248.990441][   T31]  ? __pfx_kthread+0x10/0x10
[  248.990463][   T31]  ret_from_fork+0x3fc/0x770
[  248.990493][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  248.990526][   T31]  ? __switch_to_asm+0x39/0x70
[  248.990544][   T31]  ? __switch_to_asm+0x33/0x70
[  248.990562][   T31]  ? __pfx_kthread+0x10/0x10
[  248.990582][   T31]  ret_from_fork_asm+0x1a/0x30
[  248.990618][   T31]  </TASK>
[  248.990626][   T31] Sending NMI from CPU 1 to CPUs 0:
[  249.149273][    C0] NMI backtrace for cpu 0
[  249.149292][    C0] CPU: 0 UID: 0 PID: 9014 Comm: syz.3.1033 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  249.149313][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  249.149325][    C0] RIP: 0010:check_preemption_disabled+0x63/0x120
[  249.149349][    C0] Code: 08 0f 85 cc 00 00 00 48 83 c4 10 5b 41 5e 41 5f 5d c3 cc cc cc cc cc 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 <74> c8 65 4c 8b 3c 25 08 30 a0 92 41 f6 47 2f 04 74 0a 41 83 bf 18
[  249.149364][    C0] RSP: 0018:ffffc90003947498 EFLAGS: 00000046
[  249.149381][    C0] RAX: 0000000000000000 RBX: 0000000000000202 RCX: 0000000080000000
[  249.149392][    C0] RDX: ffffc90003947601 RSI: ffffffff8d9a65dc RDI: ffffffff8be31d00
[  249.149406][    C0] RBP: dffffc0000000000 R08: ffffc90003947730 R09: 0000000000000000
[  249.149418][    C0] R10: ffffc90003947658 R11: fffff52000728ecd R12: ffffc90003947740
[  249.149431][    C0] R13: ffffffff81728c65 R14: ffffffff8e13bee0 R15: ffff888024fb9e00
[  249.149444][    C0] FS:  0000000000000000(0000) GS:ffff888125c1d000(0000) knlGS:0000000000000000
[  249.149458][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  249.149470][    C0] CR2: 00007f6c06ba06c8 CR3: 000000002b6a8000 CR4: 00000000003526f0
[  249.149485][    C0] Call Trace:
[  249.149492][    C0]  <TASK>
[  249.149501][    C0]  lock_release+0xbc/0x3e0
[  249.149522][    C0]  ? unwind_next_frame+0x19ae/0x2390
[  249.149546][    C0]  ? deref_stack_reg+0x19f/0x230
[  249.149571][    C0]  ? unwind_next_frame+0xa5/0x2390
[  249.149594][    C0]  unwind_next_frame+0x19a9/0x2390
[  249.149621][    C0]  ? unwind_next_frame+0xa5/0x2390
[  249.149645][    C0]  ? stack_trace_save+0x9c/0xe0
[  249.149663][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  249.149679][    C0]  arch_stack_walk+0x11c/0x150
[  249.149708][    C0]  ? save_stack+0xf5/0x1f0
[  249.149735][    C0]  stack_trace_save+0x9c/0xe0
[  249.149750][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  249.149771][    C0]  save_stack+0xf5/0x1f0
[  249.149797][    C0]  ? __pfx_save_stack+0x10/0x10
[  249.149835][    C0]  ? page_ext_put+0x97/0xc0
[  249.149866][    C0]  __reset_page_owner+0x71/0x1f0
[  249.149893][    C0]  __free_frozen_pages+0xb80/0xd80
[  249.149915][    C0]  vfree+0x25a/0x400
[  249.149941][    C0]  ? __pfx_kcov_close+0x10/0x10
[  249.149960][    C0]  kcov_close+0x28/0x50
[  249.149977][    C0]  __fput+0x449/0xa70
[  249.150003][    C0]  task_work_run+0x1d1/0x260
[  249.150023][    C0]  ? __pfx_task_work_run+0x10/0x10
[  249.150042][    C0]  ? kmem_cache_free+0x18f/0x400
[  249.150071][    C0]  do_exit+0x6b5/0x2300
[  249.150091][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  249.150113][    C0]  ? do_raw_spin_lock+0x121/0x290
[  249.150131][    C0]  ? __pfx_do_exit+0x10/0x10
[  249.150167][    C0]  do_group_exit+0x21c/0x2d0
[  249.150183][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  249.150209][    C0]  get_signal+0x1286/0x1340
[  249.150242][    C0]  arch_do_signal_or_restart+0x9a/0x750
[  249.150262][    C0]  ? __pfx_get_timespec64+0x10/0x10
[  249.150283][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  249.150311][    C0]  ? exit_to_user_mode_loop+0x40/0x110
[  249.150333][    C0]  exit_to_user_mode_loop+0x75/0x110
[  249.150353][    C0]  do_syscall_64+0x2bd/0x3b0
[  249.150367][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  249.150391][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.150408][    C0]  ? clear_bhb_loop+0x60/0xb0
[  249.150427][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.150442][    C0] RIP: 0033:0x7fa1efbc11e5
[  249.150456][    C0] Code: Unable to access opcode bytes at 0x7fa1efbc11bb.
[  249.150465][    C0] RSP: 002b:00007fa1ed9f5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[  249.150481][    C0] RAX: fffffffffffffdfc RBX: 00007fa1efdb5fa0 RCX: 00007fa1efbc11e5
[  249.150493][    C0] RDX: 00007fa1ed9f5fc0 RSI: 0000000000000000 RDI: 0000000000000000
[  249.150503][    C0] RBP: 00007fa1efc10b39 R08: 0000000000000000 R09: 0000000000000000
[  249.150514][    C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  249.150524][    C0] R13: 0000000000000001 R14: 00007fa1efdb5fa0 R15: 00007fff9c8b2c88
[  249.150544][    C0]  </TASK>
[  249.684937][ T5845] Bluetooth: hci4: command tx timeout
[  249.700718][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  249.707617][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  249.718911][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  249.728985][   T31] Call Trace:
[  249.732271][   T31]  <TASK>
[  249.735207][   T31]  dump_stack_lvl+0x99/0x250
[  249.739826][   T31]  ? __asan_memcpy+0x40/0x70
[  249.744432][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  249.752734][   T31]  ? __pfx__printk+0x10/0x10
[  249.757358][   T31]  panic+0x2db/0x790
[  249.761277][   T31]  ? __pfx_panic+0x10/0x10
[  249.765708][   T31]  ? __pfx_delay_tsc+0x10/0x10
[  249.770487][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  249.776313][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  249.781693][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  249.787861][   T31]  watchdog+0x102d/0x1030
[  249.792204][   T31]  ? watchdog+0x1de/0x1030
[  249.796636][   T31]  kthread+0x70e/0x8a0
[  249.800719][   T31]  ? __pfx_watchdog+0x10/0x10
[  249.805403][   T31]  ? __pfx_kthread+0x10/0x10
[  249.809998][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  249.815210][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  249.820417][   T31]  ? __pfx_kthread+0x10/0x10
[  249.825007][   T31]  ret_from_fork+0x3fc/0x770
[  249.829701][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  249.834839][   T31]  ? __switch_to_asm+0x39/0x70
[  249.839608][   T31]  ? __switch_to_asm+0x33/0x70
[  249.844374][   T31]  ? __pfx_kthread+0x10/0x10
[  249.848970][   T31]  ret_from_fork_asm+0x1a/0x30
[  249.853752][   T31]  </TASK>
[  249.857087][   T31] Kernel Offset: disabled
[  249.861414][   T31] Rebooting in 86400 seconds..